!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

699 Members
Coordination and triage of security issues in nixpkgs215 Servers

Load older messages

SenderMessageTime
13 Mar 2026
@arianvp:matrix.orgArianLmao redhat filed a CVE for it14:48:56
@arianvp:matrix.orgArianhttps://www.cve.org/CVERecord?id=CVE-2026-410514:49:11
@arianvp:matrix.orgArianAnd the CVE is wrong. Marks more things as affected than needed. Great. 14:49:40
@magic_rb:matrix.redalder.orgmagic_rbyou mean that rhel7 is not affected?14:53:34
@k900:0upti.meK900New kernels with apparmor security fixes: https://lore.kernel.org/stable/2026031357-statistic-surrogate-41a7@gregkh/T/#t16:46:35
@k900:0upti.meK900Someone please do the dance16:46:45
@ma27:nicht-so.sexyma27ok, on it.16:56:43
@arianvp:matrix.orgArian
In reply to @magic_rb:matrix.redalder.org
you mean that rhel7 is not affected?
Afaics not a single RHEL version is affected 		17:36:21
@arianvp:matrix.orgArianRHEL is on 257. This vulnerability was introduced in 259. Idk wtf they're doing17:36:38
@magic_rb:matrix.redalder.orgmagic_rblmao17:37:31
14 Mar 2026
@amadaluzia:unredacted.orgamadaluzia -> 4d2.org changed their display name from amadaluzia to amadaluzia[uorg].18:50:59
@amadaluzia:4d2.orgamadaluzia joined the room.19:29:28
@amadaluzia:unredacted.orgamadaluzia -> 4d2.org changed their display name from amadaluzia[uorg] to amadaluzia -> 4d2.org.21:23:01
16 Mar 2026
@azban:matrix.orgazban joined the room.01:15:52
@azban:matrix.orgazban left the room.01:18:58
@azban:matrix.orgazban joined the room.01:19:05
@azban:matrix.orgazban left the room.01:19:25
@azban:matrix.orgazban joined the room.01:37:27
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2026/q1/317 gstreamer03:20:03
17 Mar 2026
@sigmasquadron:matrix.orgFernando Rodrigueshttps://github.com/NixOS/nixpkgs/pull/500711 Xen12:14:58
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2026/q1/33121:09:09
@hexa:lossy.networkhexa* https://seclists.org/oss-sec/2026/q1/331 expat21:09:21
18 Mar 2026
@markus.theil:factory.secunet.comMarkus TheilBotan had a new release these days. I don't really know if any packages use TLS from Botan or just crypto operations like hashing, encryption/decryption. The security relevant changes touch OCSP handling and parallel signatures with e.g. ML-DSA. https://botan.randombit.net/news.html#version-3-11-0-2026-03-15 https://github.com/NixOS/nixpkgs/pull/50038408:13:02
@markus.theil:factory.secunet.comMarkus TheilOpenSSL also will release new version in the following weeks: https://openssl-library.org/news/secadv/20260313.txt (sry, if this was already posted here.)08:15:35
@markus.theil:factory.secunet.comMarkus Theil* OpenSSL also will release new versions in the following weeks: https://openssl-library.org/news/secadv/20260313.txt (sry, if this was already posted here.)08:15:43
@eouzoe:matrix.org曜日 joined the room.20:32:49
19 Mar 2026
@uep:matrix.orguephttps://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b09:54:37
@uep:matrix.orguepCVSS 1009:54:59
@tom:dragar.deTomhttps://github.com/NixOS/nixpkgs/pull/50118110:05:08
@hexa:lossy.networkhexahttps://github.com/wolfSSL/wolfssl/releases/tag/v5.9.0-stable12:55:16

Show newer messages

Back to Room ListRoom Version: 6