!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

752 Members
Coordination and triage of security issues in nixpkgs
229 Servers

Sender Message Time
15 May 2026
@bart:bartoostveen.nl Bart: https://github.com/NixOS/nixpkgs/pull/517598 12:03:38
@kuflierl:matrix.org kuflierl: https://github.com/NixOS/nixpkgs/pull/520646 22:58:40
16 May 2026
@jwh4j4ez25q:matrix.org maurice joined the room. 10:04:53
17 May 2026
@numinit:matrix.org Morgan (@numinit):

BIND preannouncing that they are publishing a new release on May 20

https://lists.isc.org/pipermail/bind-announce/2026-May/001294.html

20:47:14
18 May 2026
@blitz:chat.x86.lol blitz: https://github.com/NixOS/nixpkgs/pull/517358 <- does anyone know why this is not merged? 08:06:15
@qyliss:fairydust.space Alyssa Ross: Queued 08:08:37
@blitz:chat.x86.lol blitz: Thank you!! 08:08:49
@grimmauld:m.grimmauld.de Grimmauld (any/all): https://www.gimp.org/news/2026/04/19/gimp-3-2-4-released/

Security contributors bb1abu, HanTul, Rakan Alotaib, JungWoo Park, and Bronson Yen studied our image import plug-ins and reported several possible issues. We appreciate their code review and mitigation suggestions! Gabriele Barbe and Alx Sa implemented their suggestions for APNG, PAA, PNG, DDS, PSP, PNM, PSD, JIF, PVR, TIM, XWD, and SFW files.

No PR open to update gimp yet, seems there are a few image parsing issues fixed in 3.2.4. Apparently also includes potential RCE.
10:23:04
19 May 2026
@arcayr:mischief.expert arcayr: it doesn't look like there's one in yet so i'll try do it in the next couple hours. 01:48:21
@sandro:supersandro.de Sandro: There are two now, one from 31st March and one from 8 hours ago 14:24:05
@netali:cuties.dev Jenny: The next Linux LPE: https://github.com/v12-security/pocs/tree/main/pintheft 14:52:15
@hexa:lossy.network hexa: requires the rds kmod 14:54:12
@hexa:lossy.network hexa: another win for module lockdown 14:54:19
@k900:0upti.me K900: Can I just say that those v12 people are pissing me off 14:54:39
@hexa:lossy.network hexa:
 modprobe rds
modprobe: ERROR: could not insert 'rds': Operation not permitted
14:54:41
@k900:0upti.me K900: At this point they're very clearly drip feeding the shit they found 14:54:55
@k900:0upti.me K900: As an ad for their LLM shit 14:55:08
@hexa:lossy.network hexa: you can, but there is no expectation of responsible disclosure anymore for linux lpe 14:55:15
@hexa:lossy.network hexa: so I'm going back to say defense in depth 14:55:35
@k900:0upti.me K900: At least have the common decency to drop everything you've found at the same time 14:55:36
@k900:0upti.me K900: So people don't have to run back to patch their systems every other day 14:55:44
@nina.fromm:cyberus-technology.de Nina Fromm: But that'd be bad for marketing ☝️ 14:55:59
@hexa:lossy.network hexa: back to #security-discuss:nixos.org, there is nothing to triage here 14:56:53
@grimmauld:m.grimmauld.de Grimmauld (any/all): Ah oops, that didn't show up in PR search at all and also is older than the gimp release (was updated after it was opened), sorry 14:57:13
@todoqki:matrix.org todo joined the room. 15:41:37
@sandro:supersandro.de Sandro: But it isn't even Friday :( 20:23:49

Room Version: 6