| 24 Jul 2025 |
 vcunat | 25.05 proposal: https://github.com/NixOS/nixpkgs/pull/428121 | 18:02:30 |
| 25 Jul 2025 |
 niklaskorz | Nvidia legacy driver 535 update addressing CVE-2025-23286 ("vulnerability where an attacker may access sensitive system-level information"):
https://github.com/NixOS/nixpkgs/pull/428379 | 16:18:55 |
| 26 Jul 2025 |
|  oak 🏳️🌈♥️ changed their profile picture. | 08:28:43 |
| 27 Jul 2025 |
|  NullCube joined the room. | 04:50:47 |
| 31 Jul 2025 |
|  sammy (It/Its) joined the room. | 09:39:32 |
|  @sammy:cherrykitten.dev left the room. | 09:39:40 |
| 1 Aug 2025 |
|  @tejing:matrix.org joined the room. | 02:15:38 |
| @tejing:matrix.org | Given that it's addressing an RCE, I'd appreciate a quick turnaround on https://github.com/NixOS/nixpkgs/pull/429899 (The bot's review isn't relevant in this case) | 02:17:54 |
| @tejing:matrix.org | Thanks! | 03:23:39 |
| @tejing:matrix.org left the room. | 03:55:47 |
| 2 Aug 2025 |
|  @saiko:knifepoint.net changed their profile picture. | 00:27:56 |
 hexa | https://webkitgtk.org/security/WSA-2025-0005.html cc Jan Tojnar | 13:42:11 |
 tgerbet | https://github.com/NixOS/nixpkgs/pull/430151 | 14:02:40 |
| 5 Aug 2025 |
| hexa | https://lists.busybox.net/pipermail/busybox/2025-August/091665.html | 17:12:19 |
| hexa | * https://lists.busybox.net/pipermail/busybox/2025-August/091665.html 0day | 17:13:27 |
| hexa | * https://lists.busybox.net/pipermail/busybox/2025-August/091665.html busybox 0day | 17:13:30 |
 Alyssa Ross | "I am happy to observe a 30-day embargo", they say, in a message to a public lits | 17:14:23 |
| Alyssa Ross | * | 17:14:25 |
| hexa | yeah 🤦♂️hence 0day | 17:14:43 |
 K900 | oofe | 17:14:46 |
| hexa | people in all security rooms I'm in are facepalming | 17:14:57 |
| Alyssa Ross | tbf it's not like busybox is maintained anyway | 17:15:18 |
| Alyssa Ross | so the 30 days is probably not going to make a substantial difference | 17:15:50 |
| Alyssa Ross | oh wow, lots of commits recently | 17:16:13 |
| Alyssa Ross | maybe I should resend my patch | 17:16:19 |
| Alyssa Ross | (sorry, just realised this is triage) | 17:16:27 |
| hexa | Alyssa Ross: patch from ariadne https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?__goaway_challenge=cookie&__goaway_id=798fc2a5dc35e31635444270e8cca34a&id=9e42dea5fba84a8afad1f1910b7d3884128a567e | 22:55:39 |
| 6 Aug 2025 |
| Alyssa Ross | In reply to @hexa:lossy.network
Alyssa Ross: patch from ariadne https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?__goaway_challenge=cookie&__goaway_id=798fc2a5dc35e31635444270e8cca34a&id=9e42dea5fba84a8afad1f1910b7d3884128a567e Does Busybox rebuild every NixOS test? | 06:41:34 |
| hexa | I don't know | 10:44:02 |
| hexa | Alyssa Ross: yeah, looks like it does 🫣 | 15:47:16 |
