!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

701 Members
Coordination and triage of security issues in nixpkgs
216 Servers


Sender | Message | Time
27 Jun 2025
@hexa:lossy.network hexa | https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/ https://github.com/NixOS/nixpkgs/pull/419747 | 20:22:31
28 Jun 2025
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) | https://github.com/advisories/GHSA-c2mm-9c32-xc37
https://github.com/NixOS/nixpkgs/pull/413267
cc primeos
15:08:20
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) | according to repology, perl also has an update for security, though i am too unfamiliar with our perl to judge whether we already patched it or not | 15:18:33
@tgerbet:matrix.org tgerbet | Yep it is, was done in https://github.com/NixOS/nixpkgs/pull/398359 | 15:21:20
@stigo:matrix.org stigo | nixpkgs was one of the first distros to get patched, and our security team has been added to the pre-release disclosure list for perl-security since then | 17:11:55
30 Jun 2025
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) | libxml2 (cc Jan Tojnar i guess...):
https://github.com/NixOS/nixpkgs/pull/418280
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4
https://access.redhat.com/security/cve/CVE-2025-6021
09:10:26
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) | * libxml2 (cc Jan Tojnar i guess...):
https://github.com/NixOS/nixpkgs/pull/418280
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4
https://access.redhat.com/security/cve/CVE-2025-6021
(apparently our bump to tip-of-branch got lucky and includes the cve fix, oh well)
09:16:24
@bwlf:bandrate.org bwlf | https://www.openwall.com/lists/oss-security/2025/06/30/3 https://www.openwall.com/lists/oss-security/2025/06/30/2 | 16:32:22
@tgerbet:matrix.org tgerbet | https://github.com/NixOS/nixpkgs/pull/421314 | 19:31:01
@h0nig2k:matrix.org h0nig2k | python setuptools CVE 7.7 (only 25.05): https://github.com/NixOS/nixpkgs/pull/421343 | 21:18:40
@h0nig2k:matrix.org h0nig2k | * python setuptools CVE 7.7 (only 25.05): https://github.com/NixOS/nixpkgs/pull/421350 | 21:48:50
1 Jul 2025
@djacu:matrix.org djacu joined the room. | 03:29:06
@djacu:matrix.org djacu | Hey Security Team. In case you haven't seen the recent post on discourse, the Marketing Team is preparing this year's community survey. I am reaching out to teams to see if there are any questions they would like to add to the survey to better serve the work you all do. More details in the post linked below. https://discourse.nixos.org/t/community-feedback-requested-2025-nix-community-survey-planning/66155 | 03:29:17


Room Version: 6