!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

682 Members
Coordination and triage of security issues in nixpkgs214 Servers

Load older messages

SenderMessageTime
27 Nov 2025
@robert:funklause.dedotlambdahttps://github.com/NixOS/nixpkgs/pull/445729#issuecomment-358362084600:20:14
@robert:funklause.dedotlambdahttps://github.com/NixOS/nixpkgs/pull/46543300:21:08
@conatsera:matrix.orgconatsera joined the room.03:14:14
@hexa:lossy.networkhexahttps://github.com/OpenPrinting/cups/releases/tag/v2.4.1515:33:22
@hexa:lossy.networkhexawell, denial of service15:33:58
@hexa:lossy.networkhexaif you expose a cupsd that wide 🤷15:34:06
28 Nov 2025
@grimmauld:m.grimmauld.deGrimmauld (any/all) changed their display name from grimmauld (any/all) to musl-official | Grimm | any/all.11:35:37
@grimmauld:m.grimmauld.deGrimmauld (any/all) changed their display name from musl-official | Grimm | any/all to Grimmauld (any/all).11:36:00
29 Nov 2025
@amadaluzia:unredacted.orgamadaluzia changed their profile picture.11:40:57
30 Nov 2025
@sdier:matrix.orgsdier left the room.15:36:54
1 Dec 2025
@niklaskorz:matrix.orgniklaskorz https://kde.org/info/security/advisory-20251128-1.txt 12:10:35
@niklaskorz:matrix.orgniklaskorz(fix already landed in both 25.11 and unstable but 25.05 appears to be still affected)12:12:17
@k900:0upti.meK900I think 25.05 might be too old, someone needs to backport the patch12:13:32
@niklaskorz:matrix.orgniklaskorzOr mark as vulnerable and hint that 25.11 has the fix until someone as time to backport the patch12:17:01
@niklaskorz:matrix.orgniklaskorz* Or mark as vulnerable and hint that 25.11 has the fix until someone has time to backport the patch12:17:11
@niklaskorz:matrix.orgniklaskorz Actually never mind that, the fix has been merged into 25.05 too by @K900 hree days ago, just hasnt reached nixos-25.05 yet 13:01:07
@k900:0upti.meK900OK I'm thinking of something else then13:01:25
@k900:0upti.meK900(narrator voice: he was not, in fact, thinking)13:01:37
@niklaskorz:matrix.orgniklaskorz * Actually never mind that, the fix has been merged into 25.05 too by @K900 three days ago, just hasnt reached nixos-25.05 yet 13:01:52
@brisingr05:matrix.orgBrisingr changed their display name from Brisingr05 to Brisingr.18:39:58
2 Dec 2025
@phelix:c-base.orgphelix | 3383 changed their display name from phelix to phelix | 3383.19:07:24
@mdaniels5757:matrix.orgmdaniels5757It is acceptable to mark packages as vulnerable on release branches, right? It was said to be a prohibited breaking change in https://github.com/NixOS/nixpkgs/pull/466983. I've been creating these backports (and getting them merged) for a bit, but I want some more validation before I reopen that PR :)22:35:01
@hexa:lossy.networkhexa if we cannot fix them we tend to mark as vulnerable, yes. better kept in #security-discuss:nixos.org 22:42:28
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2025/q4/22822:50:38
@hexa:lossy.networkhexa* https://seclists.org/oss-sec/2025/q4/228 vim 22:50:52
@hexa:lossy.networkhexa cc Philip Taron (UTC-8) 22:51:04
@hexa:lossy.networkhexablargh, windows only22:51:21
@hexa:lossy.networkhexa🪟22:51:33
3 Dec 2025
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2025/q4/229 xorg.xkbcomp (1.4.7 -> 1.5.0)10:19:30
19 May 2021
@grahamc:nixos.org@grahamc:nixos.org set the history visibility to "world_readable".22:57:54

Show newer messages

Back to Room ListRoom Version: 6