!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

733 Members
Coordination and triage of security issues in nixpkgs228 Servers

Load older messages

SenderMessageTime
27 Apr 2026
@vcunat:matrix.orgvcunat (thinking of that because of staging-next-25.11 in progress) 14:11:13
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-RielI don't know if I have the knowledge to state for sure, but “64-bit exploitation primitives verified”, just demonstrated on 32-bit?14:12:22
@vcunat:matrix.orgvcunatAh, right. I read the line but missed the "exploitation" word and thus didn't get the meaning.14:13:39
@paul:koeck.devPaul left the room.14:16:56
@vcunat:matrix.orgvcunat Considering the rebuild amount etc, I pulled it to staging-next-25.11 as well. 14:26:18
@ninja:worldethicaldataforum.orgNinja joined the room.14:39:05
@stigo:matrix.orgstigoBtw, if someone feels like merging this: https://github.com/NixOS/nixpkgs/pull/513690 (CryptX rng+fork() bug)19:14:18
28 Apr 2026
@aangularframework:matrix.orgAangularity joined the room.04:38:20
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-Rielhttps://github.com/NixOS/nixpkgs/pull/512192#issuecomment-433911801321:16:29
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2026/04/28/2023:45:11
@whispers:catgirl.cloudwhispers [& it/fae]looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball has the correct line.23:55:36
@whispers:catgirl.cloudwhispers [& it/fae] looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball (decompressed from traceroute/traceroute.c) has the correct line. 23:56:02
@whispers:catgirl.cloudwhispers [& it/fae] looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball (decompressed from traceroute.src) has the correct line. 23:56:12
@whispers:catgirl.cloudwhispers [& it/fae] looks like a non-issue: https://www.openwall.com/lists/oss-security/2026/04/28/22. our source tarball (decompressed from traceroute.src) has the correct line. 23:58:53
29 Apr 2026
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2026/04/29/1 starman stigo 00:19:07
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/51460100:52:28
@hexa:lossy.networkhexa Scrumplex curl 07:44:43
@hexa:lossy.networkhexaRedacted or Malformed Event07:45:11
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-Rielhttps://github.com/NixOS/nixpkgs/pull/51406313:01:15
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/514747 <-- perlPackages.TextCSV_XS14:35:51
@brett:librum.orgbrett 💕 joined the room.21:08:26
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/514896 <-- perlPackages.Plack23:42:27
30 Apr 2026
@sigmasquadron:matrix.orgFernando Rodrigueshttps://github.com/NixOS/nixpkgs/pull/514428 | Xen Security Advisories #483-488 (when applicable)06:24:34
@vcunat:matrix.orgvcunathttps://lists.gnutls.org/pipermail/gnutls-help/2026-April/004922.html07:34:27
@vcunat:matrix.orgvcunat(I can have a look later to update.)07:34:44
@vcunat:matrix.orgvcunatI don't see this mentioned in nixpkgs issues+PRs yet: https://copy.fail08:17:44
@vcunat:matrix.orgvcunat(kernel, CVE-2026-31431)08:18:01
@leona:leona.isleona it's discussed heavly over in #security-discuss:nixos.org 08:18:05
@leona:leona.isleona(we wait for the 6.12 release, greg will do sometime today likely)08:18:20
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/51501609:20:14

Show newer messages

Back to Room ListRoom Version: 6