| 29 May 2025 |
 Grimmauld (migrated to @grimmauld:m.grimmauld.de) | https://github.com/yamafaktory/jql
not sure how compatible it is though
also #security-discuss:nixos.org if we'll discuss that | 09:28:34 |
 Morgan (@numinit) | Kea has a few https://www.openwall.com/lists/oss-security/2025/05/28/7 | 16:26:42 |
| Morgan (@numinit) | Also https://www.openwall.com/lists/oss-security/2025/05/27/2
Heap buffer overflow in GNU Coreutils sort that's been there since version 7.2 (we're on 9.7, and apparently it's still there) | 16:28:58 |
| Grimmauld (migrated to @grimmauld:m.grimmauld.de) | seems simple enough to update, but why are we on 2.6.x if there exists 2.7x? | 16:29:23 |
| Grimmauld (migrated to @grimmauld:m.grimmauld.de) | * seems simple enough to update, but why are we on 2.6.x if there exists 2.7.x? | 16:29:27 |
| Morgan (@numinit) | not sure | 16:29:52 |
 Arian | https://blog.qualys.com/vulnerabilities-threat-research/2025/05/29/qualys-tru-discovers-two-local-information-disclosure-vulnerabilities-in-apport-and-systemd-coredump-cve-2025-5054-and-cve-2025-4598
https://github.com/systemd/systemd/releases/tag/v257.6
| 17:28:46 |
 hexa | bceause only even minor versions are stable | 17:33:38 |
| hexa | and the update is not straightforward | 17:33:43 |
| hexa | https://github.com/NixOS/nixpkgs/pull/411875 | 17:34:06 |
| Grimmauld (migrated to @grimmauld:m.grimmauld.de) | uh oh, didn't realize the module needed changing to allow clean updates.... Indeed, not straight-forward, and thanks for explaining :) | 17:35:53 |
| Grimmauld (migrated to @grimmauld:m.grimmauld.de) | https://github.com/NixOS/nixpkgs/pull/412147
I was already poking systemd for udev stuff earlier today, have the bump pr :)
I tested nixos tests, i did not try to repro the vuln to see if it is truly fixed now.
| 18:41:42 |
| Grimmauld (migrated to @grimmauld:m.grimmauld.de) | * https://github.com/NixOS/nixpkgs/pull/412147
I was already poking systemd for udev stuff earlier today, have the bump pr :)
i did not try to repro the vuln to see if it is truly fixed now.
| 18:44:10 |
| 30 May 2025 |
 stigo | https://github.com/NixOS/nixpkgs/pull/412233 (considered to be low-medium severity) | 03:39:03 |
 leona | what about backports? just apply to 25.05 and 24.11? | 09:06:59 |
