| 27 Nov 2025 |
 hexa | if you expose a cupsd that wide 🤷 | 15:34:06 |
| 28 Nov 2025 |
|  Grimmauld (any/all) changed their display name from grimmauld (any/all) to musl-official | Grimm | any/all. | 11:35:37 |
| Grimmauld (any/all) changed their display name from musl-official | Grimm | any/all to Grimmauld (any/all). | 11:36:00 |
| 29 Nov 2025 |
|  amadaluzia changed their profile picture. | 11:40:57 |
| 30 Nov 2025 |
|  @sdier:matrix.org left the room. | 15:36:54 |
| 1 Dec 2025 |
 niklaskorz | https://kde.org/info/security/advisory-20251128-1.txt | 12:10:35 |
| niklaskorz | (fix already landed in both 25.11 and unstable but 25.05 appears to be still affected) | 12:12:17 |
 K900 | I think 25.05 might be too old, someone needs to backport the patch | 12:13:32 |
| niklaskorz | Or mark as vulnerable and hint that 25.11 has the fix until someone as time to backport the patch | 12:17:01 |
| niklaskorz | * Or mark as vulnerable and hint that 25.11 has the fix until someone has time to backport the patch | 12:17:11 |
| niklaskorz | Actually never mind that, the fix has been merged into 25.05 too by @K900 hree days ago, just hasnt reached nixos-25.05 yet | 13:01:07 |
| K900 | OK I'm thinking of something else then | 13:01:25 |
| K900 | (narrator voice: he was not, in fact, thinking) | 13:01:37 |
| niklaskorz | * Actually never mind that, the fix has been merged into 25.05 too by @K900 three days ago, just hasnt reached nixos-25.05 yet | 13:01:52 |
|  Brisingr changed their display name from Brisingr05 to Brisingr. | 18:39:58 |
| 2 Dec 2025 |
|  phelix | 3383 changed their display name from phelix to phelix | 3383. | 19:07:24 |
 mdaniels5757 | It is acceptable to mark packages as vulnerable on release branches, right? It was said to be a prohibited breaking change in https://github.com/NixOS/nixpkgs/pull/466983. I've been creating these backports (and getting them merged) for a bit, but I want some more validation before I reopen that PR :) | 22:35:01 |
| hexa | if we cannot fix them we tend to mark as vulnerable, yes. better kept in #security-discuss:nixos.org | 22:42:28 |
| hexa | https://seclists.org/oss-sec/2025/q4/228 | 22:50:38 |
| hexa | * https://seclists.org/oss-sec/2025/q4/228 vim | 22:50:52 |
| hexa | cc Philip Taron (UTC-8) | 22:51:04 |
| hexa | blargh, windows only | 22:51:21 |
| hexa | 🪟 | 22:51:33 |
| 3 Dec 2025 |
| hexa | https://seclists.org/oss-sec/2025/q4/229 xorg.xkbcomp (1.4.7 -> 1.5.0) | 10:19:30 |
| hexa | https://www.openwall.com/lists/oss-security/2025/12/03/5 libpng 1.6.52 vcunat | 21:13:44 |
 vcunat | Doesn't seem critical and it will be a big rebuild, so I'm in no rush for today. | 23:10:53 |
| hexa | should be in the next staging cycle still | 23:28:39 |
| 4 Dec 2025 |
| vcunat | https://github.com/NixOS/nixpkgs/pull/467753 | 07:19:26 |
| vcunat | https://github.com/NixOS/nixpkgs/pull/467766 | 08:15:50 |
| hexa | https://www.openwall.com/lists/oss-security/2025/12/04/3 webkitgtk 2.50.3 | 15:22:27 |
