!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

694 Members
Coordination and triage of security issues in nixpkgs215 Servers

Load older messages

SenderMessageTime
7 Feb 2025
@niklaskorz:korz.devNiklas Korz Not sure if this qualifies for the security label, but as it gets rid of another .NET 6 dependency I guess it might:
https://github.com/NixOS/nixpkgs/pull/380045 		10:03:29
8 Feb 2025
@marcel:envs.netMarcel joined the room.20:27:55
9 Feb 2025
@tired:fairydust.space@tired:fairydust.space left the room.22:50:32
10 Feb 2025
@phelix:c-base.orgphelix | 3383 changed their display name from phelix 3383 to phelix.01:03:49
11 Feb 2025
@tom:dragar.deTom seems to be happening just now Markus Theil 14:49:44
@mtheil:scs.ems.hostMarkus TheilYes, PR is already updated for unstable/staging. Now backport to 24.11 is WIP on my side.14:52:22
@hexa:lossy.networkhexahttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-2025021117:38:50
@hexa:lossy.networkhexa flx: 17:38:55
12 Feb 2025
@arcayr:mischief.expertarcayr joined the room.02:50:55
15 Feb 2025
@benjb83:matrix.orgBenjB83 joined the room.10:19:19
@benjb83:matrix.orgBenjB83 changed their display name from Benjamín Buske to BenjB83.10:43:19
16 Feb 2025
@aloisw:julia0815.dealoisw changed their profile picture.10:14:33
@niklaskorz:korz.devNiklas Korzhttps://github.com/indutny/elliptic/security/advisories/GHSA-vjh7-7g9h-fjfh no idea how to find out what of nixpkgs might potentially be affected, but it has 3063 dependents on npm so there's a good chance it's not zero10:42:32
@niklaskorz:korz.devNiklas Korz it doesn't appear to be included in nodePackages at least 10:48:51
@niklaskorz:korz.devNiklas Korznever mind, it is10:50:07
@steeringwheelrules:tchncs.de@steeringwheelrules:tchncs.de joined the room.15:49:30
@hexa:lossy.networkhexa

https://www.postgresql.org/message-id/173945575457.197393.6175786842655230205%40wrigleys.postgresql.org
https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/

ma27

16:37:38
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/38228216:38:33
@ma27:nicht-so.sexyma27 WIP already: https://github.com/NixOS/nixpkgs/pull/382282 16:38:35
@hexa:lossy.networkhexaI suck at searching the PR tracker, sowwy 😄 16:39:35
17 Feb 2025
@sandro:supersandro.deSandroin:title is usually required to find things17:54:09
18 Feb 2025
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2025/02/18/111:39:02
@hexa:lossy.networkhexaopenssh11:39:05
@arianvp:matrix.orgArianVerifyHostKeyDNS is not enabled by default on nixos right11:41:20
@niklaskorz:korz.devNiklas Korzno, but there are at least some public configs enabling it: https://grep.app/search?f.lang=Nix&f.lang.pattern=nix&q=VerifyHostKeyDNS11:44:04
@arianvp:matrix.orgArianI definitely had it enabled in my homelab before because if was using SSHFP11:45:11
@niklaskorz:korz.devNiklas Korz oh, NuschtOS enables it by default (cc Sandro 🐧 👀) 11:45:16
@sandro:supersandro.deSandrohttps://www.openssh.com/releasenotes.html#9.9p212:10:24
@sandro:supersandro.deSandroI don't see a PR yet12:11:53
@tgerbet:matrix.orgtgerbetI'm running the tests right now12:45:25

Show newer messages

Back to Room ListRoom Version: 6