!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

709 Members
Coordination and triage of security issues in nixpkgs218 Servers

Load older messages

SenderMessageTime
27 Mar 2026
@pyrox:pyrox.devdish [Fox/It/She] manual backport of the last 3 nats-server releases to fix a few security issues for it on release-25.11 https://github.com/NixOS/nixpkgs/pull/503952 04:52:26
@pyrox:pyrox.devdish [Fox/It/She](by a few, I mean a lot, there's over 10 issues open from sectracker rn)04:52:50
@pyrox:pyrox.devdish [Fox/It/She]none of the open issues affect master branch since it's on the latest release that has fixes for all known issues that are on nixpkgs' security tracker04:55:16
@vcunat:matrix.orgvcunatI'd say it has security aspects, but no idea about severity: https://github.com/NixOS/nixpkgs/pull/50386906:20:31
@ma27:nicht-so.sexyma27 grafana security updates: https://github.com/NixOS/nixpkgs/pull/504009, https://github.com/NixOS/nixpkgs/pull/504014 (25.11) 10:33:43
@sasha:the-apothecary.clubMoved to @sashanoraa:matrix.org changed their display name from Sashanoraa.gay (she/her, ze/zir) to Moved to @sashanoraa:matrix.org.15:27:45
@pyrox:pyrox.devdish [Fox/It/She] https://github.com/NixOS/nixpkgs/pull/504174 closes 6 security issues for tandoor-recipes 17:58:25
28 Mar 2026
@qyliss:fairydust.spaceAlyssa RossWhether this is an mbedtls security fix depends on how much you trust in ad-hoc identification and workarounds of each instance of a systemic problem, I suppose, but people in here might like to be aware of it https://github.com/NixOS/nixpkgs/pull/50431808:19:38
@k900:0upti.meK900Ewwwww08:24:30
@k900:0upti.meK900 That's just UB no? 08:24:37
@emilazy:matrix.orgemilyhttps://github.com/wolfSSL/wolfssl/releases/tag/v5.9.0-stable18:04:14
@emilazy:matrix.orgemilythree high-severity CVEs and a bunch of others, no PR after ten days đź« 18:04:28
@emilazy:matrix.orgemily it's used in only 9 other packages and I'm about to make that 8. perhaps we should consider dropping. maybe tgerbet has input since he had to do the last update. (but #security-discuss:nixos.org for that ofc) 18:05:21
@emilazy:matrix.orgemilyoh, very sorry, it was already merged… ignore me18:06:26
29 Mar 2026
@arcayr:mischief.expertarcayr changed their profile picture.11:15:53
19 May 2021
@grahamc:nixos.org@grahamc:nixos.org set the history visibility to "world_readable".22:57:54
@grahamc:nixos.org@grahamc:nixos.org changed the room name to "" from "".22:57:54
@andreas.schraegle:helsinki-systems.deajs124 joined the room.22:58:46
@andi:kack.itandi- joined the room.23:00:51
@hexa:lossy.networkhexa joined the room.23:01:24
@sushi_dude:matrix.orgSushi Dude joined the room.23:04:45
@0x4a6f:matrix.org[0x4A6F] joined the room.23:04:54
@sumner:sumnerevans.comsumner joined the room.23:11:04
@sugi:matrix.besaid.desugi joined the room.23:24:52
@foxboron:archlinux.orgFoxboron joined the room.23:32:00
@adisbladis:matrix.orgadisbladis joined the room.23:43:35
20 May 2021
@sandro:supersandro.deSandro joined the room.00:06:39
@schatztruhe:stratum0.orgnora joined the room.00:31:53
@mkos:matrix.orgMark joined the room.00:38:14
@andreas.schraegle:helsinki-systems.deajs124 changed their display name from Andreas Schrägle to ajs124.00:40:47

Show newer messages

Back to Room ListRoom Version: 6