Thomas Gerbet LeSuisse
LeSuisse
/ nixpkgs-oss-sec-ml-distro-merge-time.csv.csv
Last active
September 26, 2025 15:44
nixpkgs OSS Sec ML Distros Tracking Merge Time
We can make this file beautiful and searchable if this error is corrected: It looks like row 7 should actually have 9 columns, instead of 2 in line 6.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OSS Sec publication,Project,Title,nixpkgs unstable PR ID,nixpkgs unstable PR merge date,nixpkgs unstable merge within 7 days,nixpkgs stable PR ID,nixpkgs stable PR merge date,nixpkgs stable merge within 7 days | |
| 08/07/2025 17:09:11,Git,[oss-security] Multiple vulnerabilities fixed in Git,417515,18/06/2025 15:59:41,✅,423646,08/07/2025 22:41:36,✅ | |
| 22/07/2025 22:14:20,Debian packaging of AIDE,[oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE,No NixOS impact,#N/A,No NixOS impact,No NixOS impact,#N/A,No NixOS impact | |
| 16/07/2025 22:27:08,BIND 9,[oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777),425877,22/07/2025 19:40:33,✅,427546,30/08/2025 14:46:34,❌ | |
| 03/08/2025 01:58:35,Linux,[oss-security] Linux kernel: eBPF vulnerabilities,Not a vuln?,#N/A,Not a vuln?,Not a vuln?,#N/A,Not a vuln? | |
| 04/06/2025 05:52:58,curl,[oss-security] [SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop,413896,08/06/2025 12:25:59,✅,413957,07/06/2025 06:07:28,✅ | |
| 05/06/2025 18:17:55,P |
LeSuisse
/ nixpkgs-merged-pr-close-date.csv
Created
September 23, 2025 22:02
nixpkgs merged PRs close date
We can't make this file beautiful and searchable because it's too large.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 115832,1746024693 | |
| 116274,1747251025 | |
| 117501,1708100828 | |
| 122608,1732937961 | |
| 128976,1733341323 | |
| 129337,1735921657 | |
| 133542,1710025047 | |
| 140429,1711724139 | |
| 146274,1727732080 | |
| 146847,1704674966 |
LeSuisse
/ ml-distros-archive.csv
Last active
September 28, 2025 18:20
ML Distros Archive CSV Format - https://oss-security.openwall.org/wiki/mailing-lists/distros/stats
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 7.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proj,soss,toss,cves | |
| CUPS,"[oss-security] CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate",1757604607,CVE-2025-58060 | |
| CUPS,"[oss-security] CVE-2025-58364 cups: Remote DoS via null dereference",1757604612,CVE-2025-58364 | |
| curl,"[oss-security] [SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path",1757483605,CVE-2025-9086 | |
| "Perl CPAN JSON::XS","[oss-security] CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified",1757353591,CVE-2025-40928 | |
| "Perl CPAN Cpanel::JSON::XS","[oss-security] CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact",1757353590,CVE-2025-40929 | |
| "Perl CPAN JSON::SIMD","[oss-security] CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow ca |
LeSuisse
/ 01_implement_grub_strlcpy.patch
Last active
March 1, 2025 11:48
Minimal set of February security patches to apply on top of grub 2.12 tarball - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html - https://github.com/NixOS/nixpkgs/pull/383375
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- a/include/grub/misc.h | |
| +++ b/include/grub/misc.h | |
| @@ -64,6 +64,45 @@ | |
| return d - 1; | |
| } | |
| +static inline grub_size_t | |
| +grub_strlcpy (char *dest, const char *src, grub_size_t size) | |
| +{ | |
| + char *d = dest; |
LeSuisse
/ CVE-2024-55578_ZAA-2024-05_6.3.1.patch
Created
January 12, 2025 19:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From f7b53ba21c468d861a1ab1f35f2d80207381a3ab Mon Sep 17 00:00:00 2001 | |
| Date: Fri, 29 Nov 2024 09:53:30 +0100 | |
| Subject: [PATCH] Maintenance: Improve settings log | |
| (cherry picked from commit 880049b555c0aeb65e6413c513a44557b1c3df12) | |
| --- | |
| app/models/setting.rb | 12 +++++-- | |
| .../initializers/filter_parameter_logging.rb | 11 +++++- | |
| spec/factories/setting.rb | 2 +- | |
| spec/models/setting_spec.rb | 35 +++++++++++++++++++ |
LeSuisse
/ 0001-Fix-bug-when-a-token-is-given-public-only-32204-3221.patch
Created
October 12, 2024 09:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From d0863b0548783deb02c7db6eff4f10dcc252286c Mon Sep 17 00:00:00 2001 | |
| From: Lunny Xiao <[email protected]> | |
| Date: Wed, 9 Oct 2024 10:16:37 +0800 | |
| Subject: [PATCH] Fix bug when a token is given public only (#32204) (#32218) | |
| Backport #32204 | |
| (cherry picked from commit 56051d9b3bd58284a1b50c3d974fab3bd0acacaa) | |
| --- | |
| models/user/user.go | 4 + |
LeSuisse
/ paths_hit_polyfill.io.txt
Last active
June 29, 2024 13:18
polyfill_io_usage_nixos_unstable_b2852eb9365c6de48ffb0dc2c9562591f652242a
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Found in /nix/store/0m479hsrp8rv41w5j1l3pw2gn22x5500-adguardhome-0.107.51: {"bin/adguardhome": ["polyfill_io_bad_actor"]} | |
| Found in /nix/store/kcaa53a0fxws4ws8dlscgpvb2jk52z87-affine-0.14.3: {"lib/app.asar": ["polyfill_io_bad_actor"]} | |
| Found in /nix/store/3db9v3w4idga7ypg42wyzzxvlch2dx05-alice-lg-6.1.0: {"bin/alice-lg": ["polyfill_io_bad_actor"]} | |
| Found in /nix/store/y7j1cyjlxbnk8kk5d5nr6aij6pqy2cdf-clash-verge-rev-1.6.6: {"lib/clash-verge/resources/geosite.dat": ["polyfill_io_bad_actor"]} | |
| Found in /nix/store/sddrfp4vvys0lmkpnj788kjcy5q0nk8r-clash-verge-1.3.8: {"lib/clash-verge/resources/geosite.dat": ["polyfill_io_bad_actor"]} | |
| Found in /nix/store/41hapwipydxi6ywmw67mj9s55bjah8ff-clash-nyanpasu-1.4.5: {"lib/clash-nyanpasu/resources/geosite.dat": ["polyfill_io_bad_actor"]} | |
| Found in /nix/store/31xpnajyqdgfzp07ymlwh6mbya4w5cn9-coursera-dl-0.11.5: {"lib/python3.11/site-packages/coursera_dl-0.11.5.dist-info/METADATA": ["polyfill_io_bad_actor"]} | |
| Found in /nix/store/3hqj6ifbhqc09jkyxsjxh0cgxns4ymfi-deepin-voice-note-6. |
LeSuisse
/ 0001-postgresqlPackages.plv8-3.1.10-3.2.2.patch
Created
May 25, 2024 11:27
plv8 upgrade with system v8 12.5.227.9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 51a84e5fc23be16ec5c2751271dd07eec9151e4a Mon Sep 17 00:00:00 2001 | |
| Date: Sat, 25 May 2024 13:24:45 +0200 | |
| Subject: [PATCH] postgresqlPackages.plv8: 3.1.10 -> 3.2.2 | |
| Changes: | |
| https://github.com/plv8/plv8/blob/v3.2.2/Changes | |
| --- | |
| ...001-build-Allow-using-V8-from-system.patch | 55 +++++++++---------- | |
| .../sql/postgresql/ext/plv8/default.nix | 7 +-- | |
| 2 files changed, 28 insertions(+), 34 deletions(-) |
LeSuisse
/ CVE-2024-28757.patch
Created
March 22, 2024 10:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From c645f5996f3a8cff10606182a8031d3c3ade6ea3 Mon Sep 17 00:00:00 2001 | |
| From: Sebastian Pipping <[email protected]> | |
| Date: Sun, 3 Mar 2024 02:19:58 +0100 | |
| Subject: [PATCH 1/2] lib/xmlparse.c: Reject directly recursive parameter | |
| entities | |
| (cherry picked from commit a4c86a395ee447c59175c762af3d17f7107b2261) | |
| --- | |
| lib/xmlparse.c | 2 +- | |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
LeSuisse
/ Ownership proof
Last active
January 28, 2024 13:57
Personal PGP key used for NixOS Security Team (January 2024)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP SIGNED MESSAGE----- | |
| Hash: SHA512 | |
| https://github.com/NixOS/nixos-homepage/pull/1205 | |
| -----BEGIN PGP SIGNATURE----- | |
| iHUEARYKAB0WIQTCfx6QUgcoWRRperfc0LNgG11f0wUCZbZdLAAKCRDc0LNgG11f | |
| 0/OxAP9it/feGQGe7VBd9kk2U3AqCm/eV2tVs5sTjgy0LRH2MgD+M+Qhcm+oXI++ | |
| RCp84v6PtqByXgCECw0xdVv/F1qaJQE= | |
| =RDB1 |
NewerOlder