!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

691 Members
Coordination and triage of security issues in nixpkgs
216 Servers

Sender Message Time
16 Feb 2025
@aloisw:julia0815.de aloisw changed their profile picture. 10:14:33
@niklaskorz:korz.dev Niklas Korz https://github.com/indutny/elliptic/security/advisories/GHSA-vjh7-7g9h-fjfh no idea how to find out what of nixpkgs might potentially be affected, but it has 3063 dependents on npm so there's a good chance it's not zero 10:42:32
@niklaskorz:korz.dev Niklas Korz it doesn't appear to be included in nodePackages at least 10:48:51
@niklaskorz:korz.dev Niklas Korz never mind, it is 10:50:07
@steeringwheelrules:tchncs.de @steeringwheelrules:tchncs.de joined the room. 15:49:30
@hexa:lossy.network hexa

https://www.postgresql.org/message-id/173945575457.197393.6175786842655230205%40wrigleys.postgresql.org
https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/

ma27

16:37:38
@vcunat:matrix.org vcunat https://github.com/NixOS/nixpkgs/pull/382282 16:38:33
@ma27:nicht-so.sexy ma27 WIP already: https://github.com/NixOS/nixpkgs/pull/382282 16:38:35
@hexa:lossy.network hexa I suck at searching the PR tracker, sowwy 😄 16:39:35
17 Feb 2025
@sandro:supersandro.de Sandro in:title is usually required to find things 17:54:09
18 Feb 2025
@hexa:lossy.network hexa https://www.openwall.com/lists/oss-security/2025/02/18/1 11:39:02
@hexa:lossy.network hexa openssh 11:39:05
@arianvp:matrix.org Arian VerifyHostKeyDNS is not enabled by default on nixos right 11:41:20
@niklaskorz:korz.dev Niklas Korz no, but there are at least some public configs enabling it: https://grep.app/search?f.lang=Nix&f.lang.pattern=nix&q=VerifyHostKeyDNS 11:44:04
@arianvp:matrix.org Arian I definitely had it enabled in my homelab before because I was using SSHFP 11:45:11
@niklaskorz:korz.dev Niklas Korz oh, NuschtOS enables it by default (cc Sandro 🐧 👀) 11:45:16
@sandro:supersandro.de Sandro https://www.openssh.com/releasenotes.html#9.9p2 12:10:24
@sandro:supersandro.de Sandro I don't see a PR yet 12:11:53
@tgerbet:matrix.org tgerbet I'm running the tests right now 12:45:25
@stites:matrix.org @stites:matrix.org left the room. 12:54:35
@tgerbet:matrix.org tgerbet https://github.com/NixOS/nixpkgs/pull/383096 13:07:40
@emilazy:matrix.org emily I believe VerifyHostKeyDNS is only safe if you are running a DNSSEC-validating resolver locally. caveat emptor 18:49:56
@emilazy:matrix.org emily (I mean, even post-fix.) 18:50:01
@leona:leona.is leona fun with grub https://www.openwall.com/lists/oss-security/2025/02/18/3 19:15:47
@hexa:lossy.network hexa unmaintained … rip 19:29:09
19 Feb 2025
@sss:matrix.dark-alexandr.net sss 20:06:15
@hexa:lossy.network hexa https://www.openwall.com/lists/oss-security/2025/02/19/1 exim @[0x4A6F] 23:28:01
@hexa:lossy.network hexa
In reply to @leona:leona.is
fun with grub https://www.openwall.com/lists/oss-security/2025/02/18/3
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18, Daniel Kiper <=

<del>let's just casually apply this 73 patches</del>
23:29:47
@hexa:lossy.network hexa
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18, Daniel Kiper <=

let's just casually apply this 73 patches
23:29:52
@hexa:lossy.network hexa
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18, Daniel Kiper <=

let's just casually apply these 73 patches
23:29:59

Room Version: 6