!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

689 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22
210 Servers



Sender Message Time
16 Jul 2025
@lennart:0520.ch lennart joined the room. 17:23:22
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) https://github.com/NixOS/nixpkgs/pull/425863 Fixes CVE-2025-49794, CVE-2025-49796, CVE-2025-49795, CVE-2025-6170 Four CVEs this time!! 18:14:20
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) * https://github.com/NixOS/nixpkgs/pull/425863 Fixes CVE-2025-49794, CVE-2025-49796, CVE-2025-49795, CVE-2025-6170 Four CVEs this time :) 18:14:32
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) Also nodejs: https://github.com/NixOS/nixpkgs/pull/425602 Two CVEs, but the CVE that affects older versions (including our default, 22.x) is Windows-only and therefore not super bad for us. 18:34:23
18 Jul 2025
@ma27:nicht-so.sexy ma27 grafana xss fixes: https://github.com/NixOS/nixpkgs/pull/426345 11:33:04
19 Jul 2025
@jonhermansen:matrix.org jonhermansen I updated MS Edge, then saw it addresses recent Chromium vuln: https://github.com/NixOS/nixpkgs/pull/426714 17:31:42
@jonhermansen:matrix.org jonhermansen I've never raised any security issue, but I think I have all my ducks in a row. Let me know if not 17:34:05
@jonhermansen:matrix.org jonhermansen * I've never raised any security issue, but I think I got everything right. Let me know if not 17:36:47
20 Jul 2025
@tomasajt:matrix.org Toma joined the room. 00:29:58
21 Jul 2025
@os:matrix.flyingcircus.io osnyx (he/him) The coordinated matrix update has been postponed to 2025-08-11. 08:03:55
@emilazy:matrix.org emily
In reply to @jonhermansen:matrix.org
I updated MS Edge, then saw it addresses recent Chromium vuln: https://github.com/NixOS/nixpkgs/pull/426714
looks like the automated backport failed, so stable is still vulnerable
12:42:39
22 Jul 2025
@jonhermansen:matrix.org jonhermansen Thank you @mdaniels5757 for backporting it. I tested and approved it but can't merge it. https://github.com/NixOS/nixpkgs/pull/427270 02:15:02
@jonhermansen:matrix.org jonhermansen Thank you @mdaniels5757 for backporting it. I reviewed, tested and approved it but can't merge it. https://github.com/NixOS/nixpkgs/pull/427270 02:16:24
@emilazy:matrix.org emily Redacted or Malformed Event 02:17:50
@emilazy:matrix.org emily oops 02:17:52



Room Version: 6