!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

726 Members
Coordination and triage of security issues in nixpkgs
225 Servers


Sender | Message | Time
19 Jul 2025
@jonhermansen:matrix.org jonhermansen | I've never raised any security issue, but I think I have all my ducks in a row. Let me know if not | 17:34:05
@jonhermansen:matrix.org jonhermansen | * I've never raised any security issue, but I think I got everything right. Let me know if not | 17:36:47
21 Jul 2025
@os:matrix.flyingcircus.io osnyx (he/him) | The coordinated matrix update has been postponed to 2025-08-11. | 08:03:55
@emilazy:matrix.org emily | In reply to @jonhermansen:matrix.org ("I updated MS Edge, then saw it addresses recent Chromium vuln: https://github.com/NixOS/nixpkgs/pull/426714"): looks like the automated backport failed, so stable is still vulnerable | 12:42:39
22 Jul 2025
@jonhermansen:matrix.org jonhermansen | Thank you @mdaniels5757 for backporting it. I tested and approved it but can't merge it. https://github.com/NixOS/nixpkgs/pull/427270 | 02:15:02
@jonhermansen:matrix.org jonhermansen | Thank you @mdaniels5757 for backporting it. I reviewed, tested and approved it but can't merge it. https://github.com/NixOS/nixpkgs/pull/427270 | 02:16:24
@emilazy:matrix.org emily | Redacted or Malformed Event | 02:17:50
@emilazy:matrix.org emily | oops | 02:17:52
@emilazy:matrix.org emily | 😅 there's a reason we have the "browsers have committer among maintainers" rule | 02:18:14
@emilazy:matrix.org emily | (but unfortunately the committer who volunteered for Edge hasn't reviewed/merged any PRs) | 02:18:30
@jonhermansen:matrix.org jonhermansen | Thanks emily. Is there anything else I should do there? | 02:20:44
@emilazy:matrix.org emily | just have to wait for someone to merge. but in the long run there'll need to be an active committer involved in the package to sustainably merge security updates; pretty much every browser update has CVEs. (should probably move to #security-discuss:nixos.org for extended discussion) | 02:23:29
23 Jul 2025
@transcaffeine:finallycoffee.eu transcaffeine | https://github.com/NixOS/nixpkgs/pull/427778 snipe-it (due to livewire's CVE-2025-54068) | 15:46:29
@grimmauld:grapevine.grimmauld.de Grimmauld (migrated to @grimmauld:m.grimmauld.de) | Marking all the libsoup_2_4 vulnerabilities: https://github.com/NixOS/nixpkgs/pull/427813 (following the conversation in #dev:nixos.org) | 17:31:29

Room Version: 6