!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

657 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22
204 Servers



Sender | Message | Time
24 Jun 2025
Mic92 (@joerg:thalheim.io) | https://github.com/NixOS/nixpkgs/pull/419575 | 14:08:47
Mic92 (@joerg:thalheim.io) | * https://github.com/NixOS/nixpkgs/pull/419575 Nix security updates | 14:08:56
26 Jun 2025
hexa (@hexa:lossy.network) | https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm nh2 | 23:44:04
nh2 (@nh2:matrix.org) | looking | 23:44:23
nh2 (@nh2:matrix.org) | this is odd, the patch for Ceph 17 was already merged for October 2024: https://github.com/ceph/ceph/pull/60314 The 2 links for the other versions are invalid | 23:52:24
27 Jun 2025
nh2 (@nh2:matrix.org):

The correct pull requests for the other versions are:

  • Ceph 18: https://github.com/ceph/ceph/pull/61379
  • Ceph 19: https://github.com/ceph/ceph/pull/63458

I have commented that on one of them.

00:11:06
nh2 (@nh2:matrix.org) | PR for the patch in nixpkgs: https://github.com/NixOS/nixpkgs/pull/420380 | 00:11:12
nh2 (@nh2:matrix.org) | Builds and tests fine, good to merge from my side | 00:54:24
Grimmauld (any/all) (@grimmauld:grapevine.grimmauld.de) | https://github.com/NixOS/nixpkgs/pull/403244 anyone wants to look at a long-overdue java update? | 07:12:14
h0nig2k (@h0nig2k:matrix.org) | https://github.com/NixOS/nixpkgs/issues/420588 libarchive just received a CVE with 9,8 | 17:54:00
stigo (@stigo:matrix.org) | Interestingly, RedHat's CVSS score was a bit lower (3.9) when they published it on June 9 | 17:58:47
stigo (@stigo:matrix.org) | They should have been addressed by https://github.com/NixOS/nixpkgs/pull/409300 | 18:00:40
stigo (@stigo:matrix.org) | * I should have been addressed by https://github.com/NixOS/nixpkgs/pull/409300 | 18:01:49
stigo (@stigo:matrix.org) | * It should have been addressed by https://github.com/NixOS/nixpkgs/pull/409300 | 18:01:54
h0nig2k (@h0nig2k:matrix.org) | you are right, i was not aware of the backport, thx! | 18:05:15
hexa (@hexa:lossy.network) | https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/ https://github.com/NixOS/nixpkgs/pull/419747 | 20:22:31



Room Version: 6