!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

733 Members
Coordination and triage of security issues in nixpkgs228 Servers

Load older messages

SenderMessageTime
11 May 2026
@tgerbet:matrix.orgtgerbetDNSMasq coordinated release (cache poisoning, privesc...) https://www.kb.cert.org/vuls/id/471747 https://github.com/NixOS/nixpkgs/pull/51908217:34:09
@hexa:lossy.networkhexa

dnsmasq has released version 2.93 to fix the above vulnerabilities

17:36:23
@hexa:lossy.networkhexa

dnsmasq: 2.92 -> 2.92rel2

17:36:33
@hexa:lossy.networkhexahttps://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html17:37:29
@hexa:lossy.networkhexa

With luck, 2.93 could be out in a week or so.

17:37:33
@tgerbet:matrix.orgtgerbetRequested an update of the CERT/CC advisory in the internal case...17:40:14
@flx-:matrix.orgflxhttps://github.com/NixOS/nixpkgs/pull/51843023:24:08
12 May 2026
@harinn:matrix.orgHarinn joined the room.18:14:40
@flx-:matrix.orgflxhttps://github.com/NixOS/nixpkgs/pull/51950218:32:28
13 May 2026
@flx-:matrix.orgflxhttps://github.com/NixOS/nixpkgs/pull/51988219:12:05
@numinit:matrix.orgMorgan (@numinit)

https://depthfirst.com/nginx-rift

FYI, nginx 😬, seems to trigger with captures in rewrite

19:15:16
@tgerbet:matrix.orgtgerbethttps://nginx.org/en/CHANGES https://nginx.org/en/CHANGES-1.30 There are also other sec issues in the releases nginxMainline will need a 1.29 -> 1.31 bump. It would be nice if someone could handle it, I have done the last nginx upgrades but I'm not close to a laptop until tomorrow night19:23:09
@numinit:matrix.orgMorgan (@numinit)It's looking like a "tonight" thing for me (so several hours)19:23:44
@hexa:lossy.networkhexahttps://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/19:35:01
@hexa:lossy.networkhexa ma27 19:35:22
@sandro:supersandro.deSandrountested https://github.com/NixOS/nixpkgs/pull/51989319:46:05
19 May 2021
@grahamc:nixos.org@grahamc:nixos.org set the history visibility to "world_readable".22:57:54
@grahamc:nixos.org@grahamc:nixos.org changed the room name to "" from "".22:57:54
@andreas.schraegle:helsinki-systems.deajs124 joined the room.22:58:46
@andi:kack.itandi- joined the room.23:00:51
@hexa:lossy.networkhexa joined the room.23:01:24
@sushi_dude:matrix.orgSushi Dude joined the room.23:04:45
@0x4a6f:matrix.org[0x4A6F] joined the room.23:04:54
@sumner:sumnerevans.comsumner joined the room.23:11:04
@sugi:matrix.besaid.desugi joined the room.23:24:52
@foxboron:archlinux.orgFoxboron joined the room.23:32:00
@adisbladis:matrix.orgadisbladis joined the room.23:43:35
20 May 2021
@sandro:supersandro.deSandro joined the room.00:06:39
@schatztruhe:stratum0.orgnora joined the room.00:31:53
@mkos:matrix.orgMark joined the room.00:38:14

Show newer messages

Back to Room ListRoom Version: 6