!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

660 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22205 Servers

Load older messages

SenderMessageTime
13 Jan 2025
@niklaskorz:korz.devNiklas Korz Not sure if these are the same that were fixed in vaultwarden 1.32.7 three weeks ago:
https://chaos.social/@fbausch/113821745299078611 		15:28:46
@niklaskorz:korz.devNiklas Korz I think they're all already fixed in the version of vaultwarden we ship 15:29:40
@hexa:lossy.networkhexaearlier15:29:53
@hexa:lossy.networkhexathey were fixed in 1.32.515:30:14
@niklaskorz:korz.devNiklas KorzI see, thanks!15:33:12
14 Jan 2025
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2025/01/14/4 git 18:14:18
@hexa:lossy.networkhexahttps://kb.cert.org/vuls/id/952657 rsync 18:14:40
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/32201218:14:46
@hexa:lossy.networkhexa* https://github.com/NixOS/nixpkgs/pull/37378418:15:01
@tgerbet:matrix.orgtgerbetCurrently building 2.47.2 :) 18:16:42
@tgerbet:matrix.orgtgerbet* Currently building 2.47.2 :) https://github.com/NixOS/nixpkgs/pull/37378418:31:52
@tgerbet:matrix.orgtgerbet* Currently building 2.47.2 :) https://github.com/NixOS/nixpkgs/pull/37380118:32:10
@aidalgol:matrix.orgaidalgolhttps://www.yubico.com/support/security-advisories/ysa-2025-01/18:44:43
@hexa:lossy.networkhexa

No Yubico hardware is affected.

18:45:16
@hexa:lossy.networkhexapam-u2f18:45:29
@aidalgol:matrix.orgaidalgolAIUI, it's the PAM module for using U2F.18:46:18
@sophie:catgirl.cloudā›§-440729 [sophie raven] (it/its) changed their profile picture.18:56:36
@tgerbet:matrix.orgtgerbethttps://github.com/NixOS/nixpkgs/pull/37381819:30:17
@luke:vuksta.comLuke joined the room.20:47:26
15 Jan 2025
@leon:lhax.xyzleon joined the room.08:21:09
@ss:someonex.netSomeoneSerge (back on matrix) changed their display name from SomeoneSerge (utc+3) to SomeoneSerge.19:01:56
17 Jan 2025
@jwagner:wdz.deJohann Wagner changed their display name from Johann to Johann Wanger (hier nicht erreichbar).09:25:54
@jwagner:wdz.deJohann Wagner changed their display name from Johann Wanger (hier nicht erreichbar) to Johann Wagner.09:31:02
18 Jan 2025
@phileas:asra.grsyd installs gentoo (they/them) changed their display name from syd 9291 (they/them) to syd installs gentoo (they/them).16:26:46
19 Jan 2025
@rgrunbla:matrix.org@rgrunbla:matrix.org left the room.09:36:52
20 Jan 2025
@tgerbet:matrix.orgtgerbet vim Philip Taron (UTC-8) https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 22:21:02
21 Jan 2025
@philiptaron:matrix.orgPhilip Taron (UTC-8)
In reply to @tgerbet:matrix.org
vim Philip Taron (UTC-8) https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
Iā€™m next at a computer tomorrow morning. Thanks for the heads up. Looks relatively minor all told. 		01:44:04
@oak:universumi.fioak šŸ³ļøā€šŸŒˆā™„ļø changed their profile picture.22:35:37
@oak:universumi.fioak šŸ³ļøā€šŸŒˆā™„ļø changed their profile picture.22:37:18
22 Jan 2025
@philiptaron:matrix.orgPhilip Taron (UTC-8)https://github.com/NixOS/nixpkgs/pull/37589117:50:49

Show newer messages

Back to Room ListRoom Version: 6