| 7 Jul 2025 |
|  Katalin 🔪 changed their display name from Katalin ⚧︎ to Katalin 🔪. | 23:27:41 |
| 9 Jul 2025 |
|  jonhermansen joined the room. | 01:01:41 |
 syd installs gentoo (they/them) | https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
git clone --recursive RCE
CVE-2025-48384 | 11:10:20 |
 K900 | Known, we're deciding how to best handle it | 11:21:38 |
| 10 Jul 2025 |
 vcunat | I just noticed our intel-media-sdk; upstream says
This project will no longer be maintained by Intel.
This project has been identified as having known security escapes.
We use it in particular in ffmpeg-full. No idea how big a risk it is in there.
| 08:32:52 |
 hexa | https://security-tracker.debian.org/tracker/source-package/intel-mediasdk | 12:14:24 |
| hexa | removed from debian in 2024-10 | 12:15:01 |
| hexa | other distros, e.g. fedora, are still shipping it | 12:15:10 |
| hexa | -> #security-discuss:nixos.org | 12:16:15 |
| vcunat | gnutls had a security release yesterday:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
Maybe I could have a look within several hours.
| 12:17:14 |
| vcunat | 25.05 will probably need to pick the CVE patches. For staging:
https://github.com/NixOS/nixpkgs/pull/424095 | 16:38:33 |
|  Fred Lahde joined the room. | 18:48:25 |
| 11 Jul 2025 |
|  importantblimp joined the room. | 09:54:49 |
|  Felix Schröter joined the room. | 16:58:53 |
| 12 Jul 2025 |
| hexa | https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg | 12:15:00 |
 emily | handling nixVersions.git | 13:22:35 |
| emily | https://github.com/NixOS/nixpkgs/pull/424593 | 13:33:13 |
| emily | testing build on Darwin, if someone could get Linux that would be cool | 13:33:24 |
|  Sergei Zimmerman (xokdvium) joined the room. | 14:08:27 |
| Sergei Zimmerman (xokdvium) | Backport bot having issues on emily's PR. Manual backport I've opened at the same time https://github.com/NixOS/nixpkgs/pull/424592.
Will merge when darwin build finishes. | 14:10:48 |
