| 20 Nov 2025 |
 hexa | https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 gnutls vcunat | 19:21:32 |
| hexa | 3.8.11 basically | 19:21:44 |
 vcunat | https://github.com/NixOS/nixpkgs/pull/463470 | 19:21:55 |
| 21 Nov 2025 |
|  amadaluzia changed their display name from amadaluzia to amadaluzia (in 🇹🇷 til 25). | 14:44:25 |
| amadaluzia changed their display name from amadaluzia (in 🇹🇷 til 25) to amadaluzia (🇹🇷 til 25th). | 14:45:11 |
| 22 Nov 2025 |
| hexa | https://seclists.org/oss-sec/2025/q4/204 libpng | 13:31:44 |
| hexa | http://github.com/nixos/nixpkgs/pull/463987 | 13:32:11 |
| 23 Nov 2025 |
|  @easel:matrix.org left the room. | 01:50:39 |
| 24 Nov 2025 |
| amadaluzia changed their display name from amadaluzia (🇹🇷 til 25th) to amadaluzia. | 12:57:50 |
| 25 Nov 2025 |
|  @steeringwheelrules:tchncs.de left the room. | 18:12:22 |
| 26 Nov 2025 |
 mdaniels5757 | These PRs with security updates to packages (or their dependencies) have been approved by their respective maintainers, but still need to be merged. https://github.com/NixOS/nixpkgs/pull/463918 https://github.com/NixOS/nixpkgs/pull/464033 https://github.com/NixOS/nixpkgs/pull/464451 | 02:38:48 |
 dish [Fox/It/She] | In reply to @mdaniels5757:matrix.org
These PRs with security updates to packages (or their dependencies) have been approved by their respective maintainers, but still need to be merged. https://github.com/NixOS/nixpkgs/pull/463918 https://github.com/NixOS/nixpkgs/pull/464033 https://github.com/NixOS/nixpkgs/pull/464451 queued all, thank you | 02:52:06 |
| hexa | https://www.cve.org/CVERecord?id=CVE-2025-45311 | 19:41:10 |
| hexa | * https://www.cve.org/CVERecord?id=CVE-2025-45311 fail2ban rce | 19:41:16 |
| hexa | * https://www.cve.org/CVERecord?id=CVE-2025-45311 fail2ban | 19:42:54 |
| hexa | https://lobste.rs/s/p5k6aa/fail2ban_rce open discussion here | 19:43:01 |
 K900 | Something something petard | 19:43:02 |
| vcunat | Why is it called RCE? They write
attackers with limited sudo privileges
| 19:43:47 |
| vcunat | That's like a completely different level of severity. | 19:44:12 |
| hexa | posted it before reading it fully, doesn't make sense to me yet, sorry | 19:44:51 |
| mdaniels5757 | The "vuln"s listed are different. On https://packetstorm.news/files/id/189989, the "vuln" is that when you set an arbitrary shell command to run when an IP is banned, and then an IP is banned, the arbitrary shells script runs. But on https://gist.github.com/R-Security/1c707a08f9c7f9a91d9d84b5010aaed2, it claims that there is "insufficient sanitization of variables", I see no evidence of that provided. CVE slop? | 20:42:47 |
| mdaniels5757 | I'll file an issue with upstream and see what they say. | 20:43:35 |
| mdaniels5757 | https://github.com/fail2ban/fail2ban/issues/4110 | 20:58:18 |
| hexa | https://nlnetlabs.nl/news/2025/Nov/26/unbound-1.24.2-released/ | 21:32:26 |
| hexa | something more actionable | 21:32:33 |
 Scrumplex | In reply to @hexa:lossy.network
something more actionable Has already been merged into staging. Currently building 25.05 and 25.11 backports | 22:12:34 |
| Scrumplex | * Has already been merged into staging. Currently building 25.05 and 25.11 backports
Edit: https://github.com/NixOS/nixpkgs/pull/465262 | 22:13:53 |
| 27 Nov 2025 |
 dotlambda | https://github.com/NixOS/nixpkgs/pull/445729#issuecomment-3583620846 | 00:20:14 |
| dotlambda | https://github.com/NixOS/nixpkgs/pull/465433 | 00:21:08 |
|  conatsera joined the room. | 03:14:14 |
