| 10 Aug 2025 |
|  cafkafk joined the room. | 19:19:00 |
| 12 Aug 2025 |
|  @psalden:matrix.org left the room. | 06:56:18 |
| 13 Aug 2025 |
 hexa | https://seclists.org/oss-sec/2025/q3/98 | 18:17:03 |
| hexa | * https://seclists.org/oss-sec/2025/q3/98 nginx | 18:17:04 |
| hexa | * https://seclists.org/oss-sec/2025/q3/98 nginx ngx_mail_smtp_module | 18:17:27 |
| 14 Aug 2025 |
|  @jh-devv:matrix.org left the room. | 15:13:56 |
 h0nig2k | https://github.com/NixOS/nixpkgs/pull/433756 | 19:24:51 |
 Grimmauld (any/all) | https://nvd.nist.gov/vuln/detail/CVE-2025-47807
https://nvd.nist.gov/vuln/detail/CVE-2025-47806
https://nvd.nist.gov/vuln/detail/CVE-2025-47219
https://nvd.nist.gov/vuln/detail/CVE-2025-47183
https://nvd.nist.gov/vuln/detail/CVE-2025-47808
https://github.com/NixOS/nixpkgs/pull/420649
(was already merged, but still putting this here for documentations sake) | 19:37:21 |
| Grimmauld (any/all) | * GStreamer:
https://nvd.nist.gov/vuln/detail/CVE-2025-47807
https://nvd.nist.gov/vuln/detail/CVE-2025-47806
https://nvd.nist.gov/vuln/detail/CVE-2025-47219
https://nvd.nist.gov/vuln/detail/CVE-2025-47183
https://nvd.nist.gov/vuln/detail/CVE-2025-47808
https://github.com/NixOS/nixpkgs/pull/420649
(was already merged, but still putting this here for documentations sake) | 19:42:42 |
 Lun | https://github.com/NixOS/nixpkgs/pull/433769 | 22:45:10 |
| 15 Aug 2025 |
|  @flipperskip:matrix.org left the room. | 04:11:40 |
|  sorrel joined the room. | 09:52:27 |
| 16 Aug 2025 |
| Grimmauld (any/all) | ImageMagick:
CVE-2025-55005: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
CVE-2025-55004: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
CVE-2025-55160: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
https://github.com/NixOS/nixpkgs/pull/433249 | 13:01:19 |
|  17lifers (Ryan) joined the room. | 21:34:16 |
| 17 Aug 2025 |
|  @maridonkers:matrix.org left the room. | 19:07:13 |
| 22 Aug 2025 |
|  June joined the room. | 02:57:43 |
|  @julian:nekover.se left the room. | 03:09:18 |
 leona | valkey security release https://github.com/valkey-io/valkey/releases/tag/8.0.5 | 15:00:50 |
| leona | as far as i see only affects 25.05. https://github.com/NixOS/nixpkgs/pull/435905 | 15:06:30 |
|  elikoga changed their profile picture. | 17:28:13 |
|  odoom joined the room. | 21:33:14 |
| 24 Aug 2025 |
|  Honnip joined the room. | 13:29:06 |
| 25 Aug 2025 |
 lennart | hej, could someone who is allowed to delete Issues in NixOS/nixpkgs write me directly? I found a vulnerability in a software, made an issue in nixpkgs which partly was about that vuln. upstream asks to please delete the ticket. | 09:31:16 |
| lennart | my fuckupā¦ | 09:31:33 |
| lennart | already wrote hexa, I guess he's sleeping or busy :) https://github.com/orgs/NixOS/people/security_managers | 09:33:22 |
| lennart | lassulus did the dead, thanks | 09:35:17 |
 SigmaSquadron | we should consider that security vulnerability leaked to the public already, as there may be an archive of the deleted issue. | 09:49:01 |
| SigmaSquadron | * | 09:49:15 |
 tgerbet | Upstream should consider the issue public. Information is likely still accessible in GitHub events
Full disclosure is better than half disclosed (and apparently the tendency these days is to publish emboarged issues on public ML š« ) | 10:27:45 |
| lennart | It's not related to nixpkgs, only upstream. | 10:28:01 |
