| 14 Oct 2025 |
 vcunat | (but it was short) | 14:59:13 |
| vcunat | * (but it was short and didn't go into details) | 14:59:20 |
| vcunat | Reducing search space to 1/8th is unpleasant but not a security risk. | 14:59:56 |
| vcunat | * Either way, reducing search space to 1/8th is unpleasant but not a security risk. | 15:00:03 |
| vcunat | I can buy 8-times more powerful computer easily. | 15:00:23 |
 Jassuko | The test vectors in the git was a bunch of private keys that has different amounts of effective bits in them. I'd say this is probably the relevant context of the thing. | 15:00:39 |
| vcunat | Let's move this to #security-discuss:nixos.org though. | 15:00:52 |
|  Phil Hale joined the room. | 16:26:17 |
 Jan Tojnar | https://github.com/NixOS/nixpkgs/pull/451215 | 16:34:18 |
|  pinpox changed their display name from pinpox to reaktor. | 21:14:03 |
| pinpox changed their display name from reaktor to pinpox. | 21:14:04 |
| Jan Tojnar | https://github.com/NixOS/nixpkgs/pull/452081
| 21:56:15 |
| 15 Oct 2025 |
|  DenKn changed their display name from 𝔇𝔢𝔫𝔎𝔫 to DenKn. | 08:15:57 |
|  Robert Hensing (roberth) joined the room. | 21:07:54 |
| Robert Hensing (roberth) | Just found a public security fix. Probably low impact. https://github.com/NixOS/nixpkgs/pull/452376 | 21:08:29 |
| Robert Hensing (roberth) | * Just found a public security fix for libgit2. Probably low impact. https://github.com/NixOS/nixpkgs/pull/452376 | 21:14:05 |
 hexa | https://seclists.org/oss-sec/2025/q4/46 | 22:06:39 |
| hexa | * https://seclists.org/oss-sec/2025/q4/46 samba | 22:22:04 |
| hexa | https://github.com/NixOS/nixpkgs/pull/452396
https://github.com/NixOS/nixpkgs/pull/452397 | 22:43:19 |
| 16 Oct 2025 |
| hexa | https://github.com/element-hq/matrix-authentication-service/security/advisories/GHSA-6wfp-jq3r-j9xh teutat3s | 17:34:28 |
 teutat3s | https://github.com/NixOS/nixpkgs/pull/452425#issuecomment-3412018823 | 17:56:30 |
 j-k | Bump + maintenance, resolves a moderate
https://github.com/NixOS/nixpkgs/pull/452678
https://github.com/in-toto/go-witness/security/advisories/GHSA-72c7-4g63-hpw5 | 18:49:33 |
|  SpiralP left the room. | 18:54:23 |
| SpiralP joined the room. | 18:55:06 |
| 18 Oct 2025 |
|  @kevincox:matrix.org left the room. | 10:23:21 |
 Mic92 | https://github.com/NixOS/nixpkgs/pull/452376 libgit | 20:59:30 |
 Grimmauld (any/all) | binutils 2.45 has a few CVEs, though as we are still on 2.44 it is unclear whether we are affected (likely the answer is yes, but i didn't go look).
Patches seem to exist though, not sure whether they apply on 2.44 base though.
https://nvd.nist.gov/vuln/detail/CVE-2025-11412
https://nvd.nist.gov/vuln/detail/CVE-2025-11413
https://nvd.nist.gov/vuln/detail/CVE-2025-11414
https://nvd.nist.gov/vuln/detail/CVE-2025-11494
https://nvd.nist.gov/vuln/detail/CVE-2025-11495
cc John Ericson i guess
| 21:08:08 |
| Grimmauld (any/all) | * binutils 2.45 has a few CVEs, though as we are still on 2.44 it is unclear (to me) whether we are affected (likely the answer is yes, but i didn't go look).
Patches seem to exist though, not sure whether they apply on 2.44 base though.
https://nvd.nist.gov/vuln/detail/CVE-2025-11412
https://nvd.nist.gov/vuln/detail/CVE-2025-11413
https://nvd.nist.gov/vuln/detail/CVE-2025-11414
https://nvd.nist.gov/vuln/detail/CVE-2025-11494
https://nvd.nist.gov/vuln/detail/CVE-2025-11495
cc John Ericson i guess
| 21:08:19 |
| Grimmauld (any/all) | * binutils 2.45 has a few CVEs, though as we are still on 2.44 it is unclear (to me) whether we are affected (likely the answer is yes, but i didn't go look).
Patches seem to exist though, not sure whether they apply on 2.44 base.
https://nvd.nist.gov/vuln/detail/CVE-2025-11412
https://nvd.nist.gov/vuln/detail/CVE-2025-11413
https://nvd.nist.gov/vuln/detail/CVE-2025-11414
https://nvd.nist.gov/vuln/detail/CVE-2025-11494
https://nvd.nist.gov/vuln/detail/CVE-2025-11495
cc John Ericson i guess
| 21:08:32 |
| 19 Oct 2025 |
| vcunat | No new updates in the branch, so far:
https://sourceware.org/git/?p=binutils-gdb.git;a=shortlog;h=refs/heads/binutils-2_44-branch | 07:00:55 |
