27 Jun 2025 |
Grimmauld (any/all) | https://github.com/NixOS/nixpkgs/pull/403244
anyone wants to look at a long-overdue java update? | 07:12:14 |
h0nig2k | https://github.com/NixOS/nixpkgs/issues/420588 libarchive just received a CVE with 9,8 | 17:54:00 |
stigo | Interestingly, RedHat's CVSS score was a bit lower (3.9) when they published it on June 9 | 17:58:47 |
stigo | It should have been addressed by https://github.com/NixOS/nixpkgs/pull/409300 | 18:00:40 |
h0nig2k | you are right, i was not aware of the backport, thx! | 18:05:15 |
hexa | https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/ https://github.com/NixOS/nixpkgs/pull/419747 | 20:22:31 |
28 Jun 2025 |
Grimmauld (any/all) | https://github.com/advisories/GHSA-c2mm-9c32-xc37 https://github.com/NixOS/nixpkgs/pull/413267 cc primeos | 15:08:20 |
Grimmauld (any/all) | according to repology, perl also has an update for security, though i am too unfamiliar with our perl to judge whether we already patched it or not | 15:18:33 |
tgerbet | Yep it is, was done in https://github.com/NixOS/nixpkgs/pull/398359 | 15:21:20 |
stigo | nixpkgs was one of the first distros to get patched, and our security team has been added to the pre-release disclosure list for perl-security since then | 17:11:55 |
30 Jun 2025 |
Grimmauld (any/all) | libxml2 (cc Jan Tojnar i guess...): https://github.com/NixOS/nixpkgs/pull/418280 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4 https://access.redhat.com/security/cve/CVE-2025-6021 (apparently our bump to tip-of-branch got lucky and includes the cve fix, oh well) | 09:10:26 |
bwlf | https://www.openwall.com/lists/oss-security/2025/06/30/3 https://www.openwall.com/lists/oss-security/2025/06/30/2 | 16:32:22 |
tgerbet | https://github.com/NixOS/nixpkgs/pull/421314 | 19:31:01 |
h0nig2k | python setuptools CVE 7.7 (only 25.05): https://github.com/NixOS/nixpkgs/pull/421350 | 21:18:40 |
1 Jul 2025 |
djacu | Hey Security Team
In case you haven't seen the recent post on discourse, the Marketing Team is preparing this year's community survey. I am reaching out to teams to see if there are any questions they would like to add to the survey to better serve the work you all do. More details in the post linked below.
https://discourse.nixos.org/t/community-feedback-requested-2025-nix-community-survey-planning/66155 | 03:29:17 |
hexa | https://openssl-library.org/news/secadv/20250522.txt Markus Theil | 12:17:09 |
Markus Theil | Thx for the hint. Will add a PR this evening. | 13:57:22 |
Markus Theil | All mentioned CVEs are also fixed in the PR for 3.5.0 already merged to staging. Currently used version 3.4.x are not affected. | 13:58:26 |
SigmaSquadron | XSA #470: https://github.com/NixOS/nixpkgs/pull/421514 | 14:19:12 |
emily | on it. does it need backporting? | 14:39:36 |