!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

713 Members
Coordination and triage of security issues in nixpkgs219 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
21 Mar 2024
@mjolnir:nixos.orgNixOS Moderation Botchanged room power levels.18:03:08
@grahamc:nixos.org@grahamc:nixos.org left the room.20:10:07
22 Mar 2024
@vcunat:matrix.orgvcunatThis would be nice to decide somehow: https://github.com/NixOS/nixpkgs/pull/295859#issuecomment-200489756607:22:19
@emhamm:matrix.orgemhamm joined the room.09:25:07
@b12f:pub.solarb12f joined the room.13:09:49
@bumperboat:matrix.org@bumperboat:matrix.org changed their display name from bumperboat to bumperboat (UTC+8 when).13:28:09
@bumperboat:matrix.org@bumperboat:matrix.org changed their display name from bumperboat (UTC+8 when) to bumperboat (UTC+8).15:02:10
@felschr:matrix.orgfelschr

https://github.com/NixOS/nixpkgs/pull/298196

This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms.

23:14:01
23 Mar 2024
@ss:someonex.netSomeoneSerge (matrix works sometimes) changed their display name from SomeoneSerge (hash-versioned python modules when) to SomeoneSerge (migrating synapse).02:11:06
@felschr:matrix.orgfelschr *

https://github.com/NixOS/nixpkgs/pull/298196
https://github.com/NixOS/nixpkgs/pull/298202

This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms.

10:50:21
24 Mar 2024
@hexa:lossy.networkhexahttps://gnutls.org/security-new.html#GNUTLS-SA-2023-12-0411:05:08
@hexa:lossy.networkhexa * https://gnutls.org/security-new.html#GNUTLS-SA-2023-12-04 vcunat 11:07:44
@tgerbet:matrix.orgtgerbetUnstable here https://github.com/NixOS/nixpkgs/pull/297657 Taking a look for the backport to stable, looks like the file has been nixpkgs-fmted11:12:44
@hexa:lossy.networkhexaah thanks, for some reason I missed it when I checked the version on staging11:17:38
@tgerbet:matrix.orgtgerbethttps://github.com/NixOS/nixpkgs/pull/29860411:19:29
@qyliss:fairydust.spaceAlyssa RossSeems to regress musl :(14:31:41
25 Mar 2024
@binarycat:snug.moeネコ joined the room.00:12:11
@binarycat:snug.moeネコhey i found a way to put nulls in strings, unsure if that has security implications, but it should probably be an error?00:14:04
@binarycat:snug.moeネコunsure if i should open an issue on github? could this be used for some sort of buffer overflow attack? idk00:15:48

Show newer messages

Back to Room ListRoom Version: 6