!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

686 Members
Coordination and triage of security issues in nixpkgs
215 Servers

Sender Message Time
10 Jun 2025
@hexa:lossy.network hexa K900: https://kde.org/info/security/advisory-20250609-1.txt konsole 23:51:04
@hexa:lossy.network hexa * K900: https://kde.org/info/security/advisory-20250609-1.txt konsole https://proofnet.de/publikationen/konsole_rce.html 23:51:11
11 Jun 2025
@k900:0upti.me K900
In reply to @hexa:lossy.network
K900: https://kde.org/info/security/advisory-20250609-1.txt konsole
Fixed in 25.04.2 so we should be good everywhere
06:23:38
12 Jun 2025
@stigo:matrix.org stigo Red Hat just assigned CVEs for these: CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 17:54:47
@stigo:matrix.org stigo * Red Hat just assigned CVEs for these (in coordination with upstream): CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 17:56:40
@stigo:matrix.org stigo * Red Hat just recently assigned CVEs for these (in coordination with upstream):
CVE-2025-5914
CVE-2025-5915
CVE-2025-5916
CVE-2025-5917
CVE-2025-5918
18:02:21
13 Jun 2025
@ma27:nicht-so.sexy ma27

https://github.com/NixOS/nixpkgs/pull/416357, grafana 12.0.1+security-01 (fixes CVE-2025-3415).
nothing published yet, so I don't really know what this is about.

about to leave, when I'm back I'll also update the package on 24.11.

07:10:29
@ma27:nicht-so.sexy ma27 https://github.com/NixOS/nixpkgs/pull/416418 for 24.11 10:37:25
16 Jun 2025
@adam:robins.wtf adamcstephens https://github.com/NixOS/nixpkgs/pull/417248 14:06:32
17 Jun 2025
@hexa:lossy.network hexa https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/ 14:51:36
@hexa:lossy.network hexa * https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/ K900 Emantor 14:52:04
@k900:0upti.me K900 Woo 14:56:19
@k900:0upti.me K900 On it 14:56:22
@k900:0upti.me K900 xwayland: https://github.com/NixOS/nixpkgs/pull/417568 15:00:26
@k900:0upti.me K900 And xorgserver (staging): https://github.com/NixOS/nixpkgs/pull/417569 15:03:29
@hexa:lossy.network hexa https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx unmaintained 😕 22:02:13
@hexa:lossy.network hexa * https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx unmaintained in nixpkgs 😕 22:02:17
@hexa:lossy.network hexa

Systems are vulnerable if they use pam_namespace to polyinstantiate a directory

22:02:49
@hexa:lossy.network hexa https://www.openwall.com/lists/oss-security/2025/06/17/5 libblockdev/udisks Jan Tojnar 22:06:45
18 Jun 2025
@jtojnar:matrix.org Jan Tojnar thanks, opened https://github.com/NixOS/nixpkgs/pull/417763 07:20:55
@leona:leona.is leona can look in around 8 hours if no one beats me to that 07:51:03
@h0nig2k:matrix.org h0nig2k https://github.com/NixOS/nixpkgs/pull/417898 for CVE-2025-46727 (please backport to 25.05 as well, thank you) 15:52:17
@vcunat:matrix.org vcunat

updated X too soon

A fix will be issued in xorg-server-21.1.18 and xwayland-24.1.8 shortly.

https://lists.x.org/archives/xorg-announce/2025-June/003611.html

16:08:45