!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

718 Members
Coordination and triage of security issues in nixpkgs220 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
10 Jul 2025
@hexa:lossy.networkhexaother distros, e.g. fedora, are still shipping it12:15:10
@hexa:lossy.networkhexa -> #security-discuss:nixos.org 12:16:15
@vcunat:matrix.orgvcunat

gnutls had a security release yesterday:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html

Maybe I could have a look within several hours.

12:17:14
@vcunat:matrix.orgvcunat25.05 will probably need to pick the CVE patches. For staging: https://github.com/NixOS/nixpkgs/pull/42409516:38:33
@fr0de_0xa:matrix.orgFred Lahde joined the room.18:48:25
11 Jul 2025
@importantblimp:matrix.orgimportantblimp joined the room.09:54:49
@felix.schroeter:scs.ems.host@felix.schroeter:scs.ems.host joined the room.16:58:53
12 Jul 2025
@hexa:lossy.networkhexahttps://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg12:15:00
@emilazy:matrix.orgemily handling nixVersions.git 13:22:35
@emilazy:matrix.orgemilyhttps://github.com/NixOS/nixpkgs/pull/42459313:33:13
@emilazy:matrix.orgemilytesting build on Darwin, if someone could get Linux that would be cool13:33:24
@xokdvium:matrix.orgSergei Zimmerman (xokdvium) joined the room.14:08:27
@xokdvium:matrix.orgSergei Zimmerman (xokdvium) Backport bot having issues on emily's PR. Manual backport I've opened at the same time https://github.com/NixOS/nixpkgs/pull/424592.
Will merge when darwin build finishes. 		14:10:48
14 Jul 2025
@grimmauld:grapevine.grimmauld.deGrimmauld (migrated to @grimmauld:m.grimmauld.de) *

https://nvd.nist.gov/vuln/detail/CVE-2025-6817 | https://github.com/HDFGroup/hdf5/issues/5572
https://nvd.nist.gov/vuln/detail/CVE-2025-6816 | https://github.com/HDFGroup/hdf5/issues/5571
https://nvd.nist.gov/vuln/detail/CVE-2025-6750 | https://github.com/HDFGroup/hdf5/issues/5549
https://nvd.nist.gov/vuln/detail/CVE-2025-6516 | https://github.com/HDFGroup/hdf5/issues/5581
https://nvd.nist.gov/vuln/detail/CVE-2025-6270 | https://github.com/HDFGroup/hdf5/issues/5580
https://nvd.nist.gov/vuln/detail/CVE-2025-6269 | https://github.com/HDFGroup/hdf5/issues/5579
https://nvd.nist.gov/vuln/detail/CVE-2025-7069 | https://github.com/HDFGroup/hdf5/issues/5550
https://nvd.nist.gov/vuln/detail/CVE-2025-7068 | https://github.com/HDFGroup/hdf5/issues/5578
https://nvd.nist.gov/vuln/detail/CVE-2025-7067 | https://github.com/HDFGroup/hdf5/issues/5577

hdf5 doesn't have a new release, and none of these CVEs have patches yet either. I'll be watching the issues, i have my own projects that depend on hdf5 (bachelors thesis) but figured i might as well post these here too. Fix will likely only come out in September.

07:07:15

Show newer messages

Back to Room ListRoom Version: 6