!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

689 Members
Coordination and triage of security issues in nixpkgs211 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
11 Jun 2025
@saiko:knifepoint.net@saiko:knifepoint.net changed their profile picture.16:11:59
@saiko:knifepoint.net@saiko:knifepoint.net changed their display name from Katalin 🔪 to Katalin ⚧︎.16:13:21
12 Jun 2025
@sugi:matrix.besaid.desugi changed their profile picture.11:54:22
@stigo:matrix.orgstigoRed Hat just assigned CVEs for these: CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-591817:54:47
@stigo:matrix.orgstigo* Red Hat just assigned CVEs for these (in coordination with upstream): CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-591817:56:40
@stigo:matrix.orgstigo * Red Hat just recently assigned CVEs for these (in coordination with upstream):
CVE-2025-5914
CVE-2025-5915
CVE-2025-5916
CVE-2025-5917
CVE-2025-5918 		18:02:21
13 Jun 2025
@ma27:nicht-so.sexyma27

https://github.com/NixOS/nixpkgs/pull/416357, grafana 12.0.1+security-01 (fixes CVE-2025-3415).
nothing published yet, so I don't really know what this is about.

about to leave, when I'm back I'll also update the package on 24.11.

07:10:29
@ma27:nicht-so.sexyma27 https://github.com/NixOS/nixpkgs/pull/416418 for 24.11 10:37:25
15 Jun 2025
@c3r5b8:matrix.org@c3r5b8:matrix.org left the room.13:32:29
16 Jun 2025
@adam:robins.wtf@adam:robins.wtfhttps://github.com/NixOS/nixpkgs/pull/41724814:06:32
17 Jun 2025
@hexa:lossy.networkhexahttps://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/14:51:36
@hexa:lossy.networkhexa * https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/ K900 Emantor 14:52:04
@k900:0upti.meK900Woo14:56:19
@k900:0upti.meK900On it14:56:22
@k900:0upti.meK900xwayland: https://github.com/NixOS/nixpkgs/pull/41756815:00:26
@k900:0upti.meK900And xorgserver (staging): https://github.com/NixOS/nixpkgs/pull/41756915:03:29
@hexa:lossy.networkhexahttps://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx unmaintained 😕 22:02:13
@hexa:lossy.networkhexa* https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx unmaintained in nixpkgs 😕 22:02:17
@hexa:lossy.networkhexa

Systems are vulnerable if they use pam_namespace to polyinstantiate a directory

22:02:49
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2025/06/17/5 libblockdev/udisks Jan Tojnar 22:06:45

Show newer messages

Back to Room ListRoom Version: 6