!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

672 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22210 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
21 Jul 2025
@os:matrix.flyingcircus.ioosnyx (he/him) The coordinated matrix update has been postponed to 2025-08-11. 08:03:55
@emilazy:matrix.orgemily
In reply to @jonhermansen:matrix.org
I updated MS Edge, then saw it addresses recent Chromium vuln: https://github.com/NixOS/nixpkgs/pull/426714
looks like the automated backport failed, so stable is still vulnerable 		12:42:39
22 Jul 2025
@jonhermansen:matrix.orgjonhermansen Thank you @mdaniels5757 for backporting it. I tested and approved it but can't merge it. https://github.com/NixOS/nixpkgs/pull/427270 02:15:02
@jonhermansen:matrix.orgjonhermansen Thank you @mdaniels5757 for backporting it. I reviewed, tested and approved it but can't merge it. https://github.com/NixOS/nixpkgs/pull/427270 02:16:24
@emilazy:matrix.orgemilyRedacted or Malformed Event02:17:50
@emilazy:matrix.orgemilyoops02:17:52
@emilazy:matrix.orgemily😅 there's a reason we have the "browsers have committer among maintainers" rule02:18:14
@emilazy:matrix.orgemily(but unfortunately the committer who volunteered for Edge hasn't reviewed/merged any PRs)02:18:30
@jonhermansen:matrix.orgjonhermansenThanks emily. Is there anything else I should do there?02:20:44
@emilazy:matrix.orgemily just have to wait for someone to merge. but in the long run there'll need to be an active committer involved in the package to sustainably merge security updates; pretty much every browser update has CVEs. (should probably move to #security-discuss:nixos.org for extended discussion) 02:23:29
23 Jul 2025
@implr:hackerspace.plimplr set a profile picture.10:57:46
@implr:hackerspace.plimplr changed their profile picture.11:21:44
@transcaffeine:finallycoffee.eutranscaffeine https://github.com/NixOS/nixpkgs/pull/427778 snipe-it (due to livewire's CVE-2025-54068) 15:46:29
@grimmauld:grapevine.grimmauld.deGrimmauld (any/all) Marking all the libsoup_2_4 vulnerabilities:
https://github.com/NixOS/nixpkgs/pull/427813
(following the conversation in #dev:nixos.org ) 		17:31:29
@grimmauld:grapevine.grimmauld.deGrimmauld (any/all) * Marking all the libsoup_2_4 vulnerabilities, should wait for Jan to ack this:
https://github.com/NixOS/nixpkgs/pull/427813
(following the conversation in #dev:nixos.org ) 		17:31:46
@grimmauld:grapevine.grimmauld.deGrimmauld (any/all) * Marking all the libsoup_2_4 vulnerabilities, should wait for Jan Tojnar to ack this but figured i might as well put it here:
https://github.com/NixOS/nixpkgs/pull/427813
(following the conversation in #dev:nixos.org ) 		17:32:04
24 Jul 2025
@tgerbet:matrix.orgtgerbet

GLIBC-SA-2025-0005 cc ma27

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0005;h=8bcccc59a546800624576e3a835b759d9ad1f1e0;hb=HEAD

06:53:09

Show newer messages

Back to Room ListRoom Version: 6