!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

656 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22204 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
4 Feb 2025
@hexa:lossy.networkhexa * OpenSSL on 2025-02-11 between 13:00-17:00 UTC Markus Theil 16:54:04
@mtheil:scs.ems.hostMarkus TheilThanks for pinging me on this!17:01:57
5 Feb 2025
@userblackbox:matrix.orghexadecimal_dinosaur joined the room.02:49:39
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2025/02/05/8 nginx client cert bypass through tls1.3 session resumption
fpletz raitobezarius [0x4A6F] 		18:20:40
@raitobezarius:matrix.orgraitobezarius https://github.com/NixOS/nixpkgs/pull/379694 20:19:08
6 Feb 2025
@ss:someonex.netSomeoneSerge (back on matrix) changed their display name from SomeoneSerge (Gand St. Pieters) to SomeoneSerge (UTC+U[-12,12]).17:48:05
@rizary:matrix.org@rizary:matrix.org left the room.23:02:29
7 Feb 2025
@niklaskorz:korz.devNiklas Korz Not sure if this qualifies for the security label, but as it gets rid of another .NET 6 dependency I guess it might:
https://github.com/NixOS/nixpkgs/pull/380045 		10:03:29
8 Feb 2025
@marcel:envs.netMarcel joined the room.20:27:55
9 Feb 2025
@tired:fairydust.space@tired:fairydust.space left the room.22:50:32
10 Feb 2025
@phelix:c-base.orgphelix | 3383 changed their display name from phelix 3383 to phelix.01:03:49
11 Feb 2025
@tom:dragar.deTom seems to be happening just now Markus Theil 14:49:44
@mtheil:scs.ems.hostMarkus TheilYes, PR is already updated for unstable/staging. Now backport to 24.11 is WIP on my side.14:52:22
@hexa:lossy.networkhexahttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-2025021117:38:50
@hexa:lossy.networkhexa flx: 17:38:55
12 Feb 2025
@arcayr:mischief.expertarcayr joined the room.02:50:55
15 Feb 2025
@benjb83:matrix.orgBenjB83 joined the room.10:19:19
@benjb83:matrix.orgBenjB83 changed their display name from Benjamín Buske to BenjB83.10:43:19
16 Feb 2025
@aloisw:julia0815.dealoisw changed their profile picture.10:14:33
@niklaskorz:korz.devNiklas Korzhttps://github.com/indutny/elliptic/security/advisories/GHSA-vjh7-7g9h-fjfh no idea how to find out what of nixpkgs might potentially be affected, but it has 3063 dependents on npm so there's a good chance it's not zero10:42:32
@niklaskorz:korz.devNiklas Korz it doesn't appear to be included in nodePackages at least 10:48:51
@niklaskorz:korz.devNiklas Korznever mind, it is10:50:07
@steeringwheelrules:tchncs.de@steeringwheelrules:tchncs.de joined the room.15:49:30
@hexa:lossy.networkhexa

https://www.postgresql.org/message-id/173945575457.197393.6175786842655230205%40wrigleys.postgresql.org
https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/

ma27

16:37:38

Show newer messages

Back to Room ListRoom Version: 6