!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

721 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22
221 Servers



Sender | Message | Time
18 Jun 2026
@sandro:supersandro.de Sandro 🐧 | https://github.com/hedgedoc/hedgedoc/releases/tag/1.11.0 | 22:14:51
@sandro:supersandro.de Sandro 🐧 | https://github.com/NixOS/nixpkgs/pull/533128 | 23:12:42
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/pull/533143 | 23:42:38
19 Jun 2026
@violet_cookie_bytes:tchncs.de | whoami [violet_cookie_bytes] joined the room. | 12:20:04
@robert:funklause.de dotlambda | It looks like nobody is maintaining our MariaDB packages: https://github.com/NixOS/nixpkgs/pull/507491 | 18:43:04
@sammy:cherrykitten.gay | @sammy:cherrykitten.gay left the room. | 20:44:53
20 Jun 2026
@sandro:supersandro.de Sandro 🐧 | 22 CVEs https://github.com/jqlang/jq/releases/tag/jq-1.8.2 | 22:01:14
@bart:bartoostveen.nl Bart | on it | 22:41:41
@bart:bartoostveen.nl Bart | Forgot to mention, but this seems to be working https://github.com/NixOS/nixpkgs/pull/533754 | 22:54:36
@bart:bartoostveen.nl Bart | Waiting for my poor laptop to build staging as well | 22:54:55
@bart:bartoostveen.nl Bart | (almost done) | 22:55:00
@bart:bartoostveen.nl Bart | Verified as well | 22:57:55
@bart:bartoostveen.nl Bart | Should be ready for staging and backports as well | 22:58:05
21 Jun 2026
@havaker:matrix.org | havaker joined the room. | 01:53:58
22 Jun 2026
@blitz:chat.x86.lol blitz | The time to write parsers in C is really over | 08:07:58
@9lore:tchncs.de | 9lore joined the room. | 13:49:32
@9lore:tchncs.de 9lore | Hi, y'all aware of these recent SSH vulns? https://nvd.nist.gov/vuln/detail/CVE-2026-55200 https://nvd.nist.gov/vuln/detail/CVE-2026-55199 | 13:51:58
@hexa:lossy.network hexa | libssh2, yes | 13:52:31
@hexa:lossy.network hexa | no release in 2 years and the patches don't seem to apply cleanly | 13:52:50
@hexa:lossy.network hexa | very exciting. | 13:53:07
@hexa:lossy.network hexa | Redacted or Malformed Event | 13:53:10
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/issues/532920 | 13:53:53
@hexa:lossy.network hexa | cc Sandro 🐧 | 13:54:14
@9lore:tchncs.de 9lore | fun | 13:56:06
@sandro:supersandro.de Sandro 🐧 | I cannot remember why I ended up maintaining that package 😅 | 15:42:36
@sandro:supersandro.de Sandro 🐧 | Why are all the issues memory problems?! https://github.com/libssh2/libssh2/issues?q=sort%3Aupdated-desc+is%3Aissue+state%3Aopen+ | 15:46:43
@sandro:supersandro.de Sandro 🐧 | I asked upstream for a new release https://github.com/libssh2/libssh2/issues/2118 | 15:47:58
@bart:bartoostveen.nl Bart

Few major CVEs on ffmpeg 5, 6 and 8:

CVE-2025-22921, CVE-2026-8461, CVE-2026-30997, CVE-2026-40962

https://github.com/NixOS/nixpkgs/pull/534374
https://github.com/NixOS/nixpkgs/pull/534379
https://github.com/NixOS/nixpkgs/pull/534378

(and ffmpeg 4.4.8 while we're at it: https://github.com/NixOS/nixpkgs/pull/534377)

21:22:17
@bart:bartoostveen.nl Bart | I'm busy building, but it takes a long time :( | 21:22:38
@bart:bartoostveen.nl Bart *

Few major CVEs on ffmpeg 5, 6 and 8:

CVE-2025-22921, CVE-2026-8461, CVE-2026-30997, CVE-2026-40962

https://github.com/NixOS/nixpkgs/pull/534374 (staging)
https://github.com/NixOS/nixpkgs/pull/534379
https://github.com/NixOS/nixpkgs/pull/534378

(and ffmpeg 4.4.8 while we're at it: https://github.com/NixOS/nixpkgs/pull/534377)

21:22:43



Room Version: 6