!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

703 Members
Coordination and triage of security issues in nixpkgs216 Servers

Load older messages

SenderMessageTime
21 Jan 2026
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2026/q1/98 bind916:34:03
@ma27:nicht-so.sexyma27

another one for glibc: https://www.openwall.com/lists/oss-security/2026/01/20/3

will do the patching tomorrow, off to bed now.

22:19:43
@ma27:nicht-so.sexyma27

There is no known application impact for this CVE, and the feature is generally non-functional with the two flags.

doesn't seem too bad anyways
(from https://sourceware.org/bugzilla/show_bug.cgi?id=33814)

22:21:09
@tgerbet:matrix.orgtgerbethttps://github.com/NixOS/nixpkgs/pull/48246423:12:35
24 Jan 2026
@leona:leona.isleona https://www.openwall.com/lists/oss-security/2026/01/23/8 cpython hexa 20:34:08
@hexa:lossy.networkhexaI'm aware, was contemplating waiting for a release, because all were medium20:34:40
@hexa:lossy.networkhexaper https://peps.python.org/pep-0719/ that would be Feb 3rd20:36:07
@hexa:lossy.networkhexasame for 3.14 per https://peps.python.org/pep-0745/20:36:41
@vcunat:matrix.orgvcunatIt would be nice to get a review on libxml2 patching: https://github.com/NixOS/nixpkgs/pull/48084420:45:20
@vcunat:matrix.orgvcunat So that we can pull this stdenv rebuild into staging-next-25.11 soon. 20:45:48
25 Jan 2026
@cve:entropia.de@cve:entropia.de left the room.16:11:42
@hedgemage:unredacted.org@hedgemage:unredacted.org left the room.19:11:47
@tim:stratum0.orgdadada changed their profile picture.20:33:59
@tim:stratum0.orgdadada changed their profile picture.20:39:02
@tim:stratum0.orgdadada changed their profile picture.21:17:38
27 Jan 2026
@whispers:catgirl.cloudwhispers [& it/fae] changed their display name from whispers (it/fae) to whispers [& it/fae].02:51:44
@sigmasquadron:matrix.orgSigmaSquadronXSAs #477 and #479: https://github.com/NixOS/nixpkgs/pull/48437012:09:22
@tgerbet:matrix.orgtgerbetGnuPG with possible RCE https://www.openwall.com/lists/oss-security/2026/01/27/817:47:11
@tgerbet:matrix.orgtgerbetSame for OpenSSL https://www.openwall.com/lists/oss-security/2026/01/27/517:49:08
@tgerbet:matrix.orgtgerbetThe possible RCE does not impact the 2.4.x branch we are using apparently17:53:11
@vcunat:matrix.orgvcunatI'll update it.18:27:10
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/48446318:28:37
28 Jan 2026
@vcunat:matrix.orgvcunatOlder openssl branch: https://github.com/NixOS/nixpkgs/pull/48464107:37:03
@nina.fromm:cyberus-technology.deNina Fromm joined the room.16:52:59
30 Jan 2026
@os:matrix.flyingcircus.ioosnyx (he/him)The November grub2 security patches never made it into 25.11, only master and 25.05. https://github.com/NixOS/nixpkgs/pull/48529211:10:48
@hexa:lossy.networkhexa tgif, @K900 can you merge that with the kernel bumps? 12:44:04
@vcunat:matrix.orgvcunat I rebased it to staging-next-25.11 which should merge within a week. 12:48:08
@vcunat:matrix.orgvcunat(hopefully 4-5 days if we don't run into significant regressions)12:48:52
@vcunat:matrix.orgvcunat * I rebased it to staging-next-25.11 which should merge to release-25.11 within a week. 12:49:14
@vcunat:matrix.orgvcunat* (hopefully in 4-5 days if we don't run into significant regressions)12:49:20

Show newer messages

Back to Room ListRoom Version: 6