!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

703 Members
Coordination and triage of security issues in nixpkgs215 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
11 Mar 2025
@3wy-kra:matrix.uni-hannover.de@3wy-kra:matrix.uni-hannover.de joined the room.16:59:37
12 Mar 2025
@paq:matrix.orgpaq joined the room.09:25:20
@hexa:lossy.networkhexahttps://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html15:30:08
@hexa:lossy.networkhexa

Upstream released a bugfix in version v0.9.0 and a security advisory on GitHub.

15:30:22
@hexa:lossy.networkhexa globin: 15:30:29
@hexa:lossy.networkhexa * globin please 15:30:33
13 Mar 2025
@globin:toznenetl.chatglobin On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check further end of next week. 21:13:37
@globin:toznenetl.chatglobin * On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week. 21:13:40
14 Mar 2025
@hexa:lossy.networkhexahttps://blog.hartwork.org/posts/expat-2-7-0-released/17:05:47
@niklaskorz:korz.devNiklas Korz
In reply to @globin:toznenetl.chat
On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week.
yup they bumped anyhow in upstream but did not update their lockfile in the process... 		18:15:01
15 Mar 2025
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/39005208:49:15
18 Mar 2025
@philipp:xndr.dephilipp https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still expolitable in nixos. Package is not updated and no other mitigations seem to be in place. 09:34:34
@sigmasquadron:matrix.orgSigmaSquadron
In reply to @philipp:xndr.de
https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still expolitable in nixos. Package is not updated and no other mitigations seem to be in place.
On it! 		09:56:46
@sigmasquadron:matrix.orgSigmaSquadronhttps://github.com/NixOS/nixpkgs/pull/39092510:49:37
19 Mar 2025
@bluebirdlamentations:matrix.org@bluebirdlamentations:matrix.org joined the room.17:02:51
@bluebirdlamentations:matrix.org@bluebirdlamentations:matrix.org changed their display name from Bluebird to qenya.17:03:10
20 Mar 2025
@hexa:lossy.networkhexa https://webkitgtk.org/security/WSA-2025-0002.html Jan Tojnar 20:46:37
@egrieco:matrix.orgegrieco joined the room.23:43:08
21 Mar 2025
@domenkozar:matrix.orgDomen Kožar changed their profile picture.11:39:08
@jtojnar:matrix.orgJan Tojnarthanks, currently building it https://github.com/NixOS/nixpkgs/pull/39194822:39:44

Show newer messages

Back to Room ListRoom Version: 6