| 8 Oct 2025 |
 @enzime:nixos.dev | hexa thanks for the review | 06:21:45 |
| @enzime:nixos.dev left the room. | 06:21:54 |
 j-k | https://seclists.org/oss-sec/2025/q4/18
Go 1.24.8 and 1.25.2
These minor releases include 10 security fixes
| 08:08:32 |
 K900 | Merged on staging-next minutes ago | 08:09:22 |
|  Felix Schröter changed their display name from Felix Schröter (🌄 29.09. – 05.10.) to Felix Schröter. | 13:09:33 |
| 9 Oct 2025 |
|  srhb set a profile picture. | 07:08:03 |
|  Stefan Nürnberger joined the room. | 09:39:25 |
|  @notgne2:wizbos.club left the room. | 20:10:13 |
| 10 Oct 2025 |
 niklaskorz | https://nvidia.custhelp.com/app/answers/detail/a_id/5703/~/security-bulletin%3A-nvidia-gpu-display-drivers---october-2025 | 12:25:46 |
| niklaskorz | version we're shipping as legacy_535 is again affected but I haven't checked yet if the CVE is relevant to NixOS | 12:26:05 |
| niklaskorz | (personally I'd be in favor of dropping 535 for NixOS 25.11, the only user I'm aware of is @doronbehar, who's not in this channel I think; but we can discuss that in #security-discuss:nixos.org) | 12:26:53 |
| niklaskorz | 570 driver version we're shipping on 25.05 (570.153.02) is also vulnerable (570.195.03 is available with the fixes) | 12:28:32 |
| niklaskorz | default driver on unstable is not affected / already has the fixes | 12:29:15 |
 leona | found a not maintained TLS impl version (mbedtls), marked as vulnerable for now: https://github.com/NixOS/nixpkgs/pull/450688 | 14:25:34 |
| leona | * found a not maintained TLS impl version (mbedtls_2), marked as vulnerable for now: https://github.com/NixOS/nixpkgs/pull/450688 | 14:26:09 |
| niklaskorz | https://github.com/NixOS/nixpkgs/pull/450729 | 16:48:13 |
| 11 Oct 2025 |
|  midischwarz12 joined the room. | 21:01:41 |
| 12 Oct 2025 |
| midischwarz12 removed their profile picture. | 02:45:02 |
| midischwarz12 set a profile picture. | 02:45:11 |
|  Anton (he/him) changed their display name from Anton to Anton (he/him). | 13:18:01 |
| 13 Oct 2025 |
| niklaskorz | nvidia 535 update with beforementioned CVE fixes:
https://github.com/NixOS/nixpkgs/pull/451618 | 09:43:33 |
 hexa | https://seclists.org/oss-sec/2025/q4/26 | 21:54:56 |
| hexa | * https://seclists.org/oss-sec/2025/q4/26 boringssl | 21:55:02 |
| hexa | https://seclists.org/oss-sec/2025/q4/27 poppler | 21:55:17 |
| hexa | requires poppler-25.10.0 | 22:27:01 |
| hexa | * requires poppler-25.10.0 (Jan Tojnar) | 22:27:09 |
| hexa | https://gitlab.freedesktop.org/poppler/poppler/-/commit/4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0 | 22:27:29 |
| hexa | https://webkitgtk.org/security/WSA-2025-0007.html webkitgtk | 23:11:01 |
| 14 Oct 2025 |
 vcunat | The boringssl thread doesn't seem very convincing, i.e. no claim is made that the leak goes beyond key length and similar "uninteresting" parameters. | 08:56:06 |
| vcunat | All crypto libs will take longer time when using longer keys, I believe. (up to some exceptions maybe when the difference in length is small) | 08:57:39 |
