!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

688 Members
Coordination and triage of security issues in nixpkgs
216 Servers


Sender Message Time
12 May 2025
@sigmasquadron:matrix.org SigmaSquadron XSA #469: https://github.com/NixOS/nixpkgs/pull/406506 17:19:43
@numinit:matrix.org Morgan (@numinit) https://www.vusec.net/projects/training-solo/ 17:22:22
13 May 2025
@kraem:ne.bul.ae kraem changed their profile picture. 13:51:19
@msanft:matrix.org Moritz Sanft joined the room. 14:53:22
@hexa:lossy.network hexa https://www.openwall.com/lists/oss-security/2025/05/13/5 leona osnyx (he/him) 15:41:24
@hexa:lossy.network hexa * https://www.openwall.com/lists/oss-security/2025/05/13/5 leona osnyx (he/him) varnish 15:41:30
14 May 2025
@liberodark:matrix.org liberodark joined the room. 10:14:11
@liberodark:matrix.org liberodark CVE-2024-57699 : https://github.com/NixOS/nixpkgs/pull/406752 10:14:46
@leona:leona.is leona https://github.com/NixOS/nixpkgs/pull/407007 12:31:52
@kraem:ne.bul.ae kraem changed their profile picture. 17:28:41
15 May 2025
@hexa:lossy.network hexa webkitgtk @jtojnar:matrix.org 17:42:41
@hexa:lossy.network hexa https://webkitgtk.org/security/WSA-2025-0004.html 17:43:25
@jtojnar:matrix.org Jan Tojnar Thanks, opened https://github.com/NixOS/nixpkgs/pull/407417 18:30:09
16 May 2025
@winter:catgirl.cloud Winter joined the room. 01:58:58
@hexa:lossy.network hexa https://www.openwall.com/lists/oss-security/2025/05/16/7 glibc ma27 23:06:10
@emilazy:matrix.org emily I suspect the only static setuid program on 90% of NixOS systems is our wrapper? 23:06:54
@emilazy:matrix.org emily which hopefully doesn't dlopen 23:06:58
@emilazy:matrix.org emily well, 90% is probably way too low for that figure. also sorry, forgot this was triage room 23:07:16
17 May 2025
@s-rein:basketweavers.net s-rein joined the room. 03:31:56
@aloisw:julia0815.de aloisw The wrapper uses musl and erases LD_LIBRARY_PATH, so NixOS should indeed be unaffected. 05:00:12
@ma27:nicht-so.sexy ma27 Agreed.
I'll prepare an update today nonetheless since people are using nixpkgs to build all kinds of stuff.
08:12:34
@vcunat:matrix.org vcunat Sounds OK for the normal staging* workflow. 08:34:01
@k900:0upti.me K900 What's the plan for the next cycle? 08:36:37
@k900:0upti.me K900 I've got Mesa 25.1.1 and Qt 6.9.1 next week 08:36:51
@qyliss:fairydust.space Alyssa Ross Still looking for Darwin testing on the Meson upgrade https://github.com/NixOS/nixpkgs/pull/402752 08:37:33
@qyliss:fairydust.space Alyssa Ross But this is the wrong room 08:44:58
@ma27:nicht-so.sexy ma27

OK we don't have to do anything btw: the advisory states

Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)

the commit is from 2023 and part of the glibc we're shipping.

08:58:36
@k900:0upti.me K900 https://github.com/google/security-research/security/advisories/GHSA-qx2m-rcpc-v43v 12:23:49
@k900:0upti.me K900 Ayylmao 12:24:09
@tgerbet:matrix.org tgerbet Fixed in https://github.com/NixOS/nixpkgs/pull/400278 and https://github.com/NixOS/nixpkgs/pull/403432 It looks like they did not update the fixed version field in the advisory 12:26:11

Room Version: 6