| 19 May 2026 |
 hexa | Redacted or Malformed Event | 14:55:39 |
| hexa | Redacted or Malformed Event | 14:55:42 |
 K900 | So people don't have to run back to patch their systems every other day | 14:55:44 |
 Nina Fromm | But that'd be bad for marketing ☝️ | 14:55:59 |
| hexa | back to #security-discuss:nixos.org, there is nothing to triage here | 14:56:53 |
 Grimmauld (any/all) | Ah oops, that didn't show up in PR search at all and also is older than the gimp release (was updated after it was opened), sorry | 14:57:13 |
|  todo joined the room. | 15:41:37 |
 Sandro 🐧 | But it isn't even Friday :( | 20:23:49 |
| hexa | kitty https://db.gcve.eu/vuln/cve-2026-33642 | 20:48:18 |
|  amadaluzia changed their profile picture. | 20:56:44 |
| 20 May 2026 |
| hexa | https://www.drupal.org/psa-2026-05-18 today | 08:33:03 |
| hexa | unbound https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/ Scrumplex | 09:31:13 |
| hexa | rsync https://seclists.org/oss-sec/2026/q2/620 balsoft dish [Fox/It/She] | 09:31:51 |
 dish [Fox/It/She] | In reply to @hexa:lossy.network
rsync https://seclists.org/oss-sec/2026/q2/620 balsoft dish [Fox/It/She] working on an update now | 12:32:57 |
| dish [Fox/It/She] | https://github.com/NixOS/nixpkgs/pull/522245 | 13:48:57 |
| dish [Fox/It/She] | https://w.on-t.work/activitypub/may-2026-vulnerability
seems like most activitypub servers may have security releases | 14:23:00 |
| hexa | https://seclists.org/oss-sec/2026/q2/630 apparmor Grimmauld (any/all) | 16:47:59 |
| hexa | https://seclists.org/oss-sec/2026/q2/626 pdns Mic92 | 16:48:39 |
| hexa | https://seclists.org/oss-sec/2026/q2/625 bind9 (unmaintained) | 16:48:56 |
 Mic92 | I am not even using pdns. | 18:33:52 |
| Mic92 | Just a nix-update should be enough on this | 18:34:33 |
 leona | but you are listed as maintainer. | 18:34:35 |
| Mic92 | I will fix that part | 18:43:23 |
| hexa | https://seclists.org/oss-sec/2026/q2/633 cockpit andre4ik3 | 19:49:36 |
 andre4ik3 | It’s not too bad, it’s command injection for authenticated users, but users have shell access anyway as a built-in feature for cockpit. There’s an automatic PR to update to the patched version I’ll test it and merge within the next hour or so. https://github.com/NixOS/nixpkgs/pull/522264 | 19:56:12 |
| 21 May 2026 |
 Bart | someone else bumped, seems fine https://github.com/NixOS/nixpkgs/pull/522407 | 09:13:37 |
| Bart | https://github.com/NixOS/nixpkgs/pull/522600 | 10:02:53 |
| Bart | https://github.com/NixOS/nixpkgs/pull/522602 manual stable bump, ci complains because this is not a backport | 10:03:36 |
 Hythera | PR is drafted so the maintainer coulnd't merge it themselves.
https://github.com/NixOS/nixpkgs/pull/513508 | 14:06:09 |
| Hythera | * PR is drafted so the maintainer couldn't merge it themselve.
https://github.com/NixOS/nixpkgs/pull/513508 | 14:06:36 |
