| 13 Apr 2026 |
|  Andrei Jiroh [moved to @ajhalili2006:tchncs.de] changed their display name from Andrei Jiroh [moved to @ajhalili2006:envs.net] to Andrei Jiroh [moved to @ajhalili2006:tchncs.de]. | 00:19:56 |
 Sandro | https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.5
dotlambda
| 00:55:56 |
 hexa | https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.6 | 01:03:50 |
|  Alesya changed their display name from Alesya Huzik to Alesya. | 01:46:22 |
|  Aliaksandr joined the room. | 02:28:46 |
 teutat3s | https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/6VW6OGVSC7LO3QUMBEZOPQFYYOFDJ452/ | 12:18:31 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/509590 | 14:52:33 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/509591 | 14:52:40 |
|  Jenny joined the room. | 19:43:21 |
| 14 Apr 2026 |
|  Lukas joined the room. | 01:53:47 |
| Sandro | Two critical authentication bypasses
https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.15.2 | 11:49:55 |
| Sandro | https://github.com/NixOS/nixpkgs/pull/509941 | 12:02:50 |
 vcunat | X.Org Security Advisory: multiple security issues X.Org X server and Xwayland
https://lists.x.org/archives/xorg-announce/2026-April/003677.html | 16:22:07 |
|  klea (she/her) joined the room. | 16:23:16 |
| klea (she/her) changed their display name from klea to klea (she/her). | 16:27:22 |
 K900 | https://www.gamingonlinux.com/2026/04/x-org-x-server-and-xwayland-security-advisory-released-for-multiple-issues/ | 17:41:07 |
| K900 | Oops | 17:41:09 |
| 15 Apr 2026 |
| vcunat | At a glance it's difficult for me to estimate how serious these are. (and thus if staging-next is worth the rebuild with the PR) | 05:49:05 |
 kuflierl | In reply to @vcunat:matrix.org
At a glance it's difficult for me to estimate how serious these are. (and thus if staging-next is worth the rebuild with the PR) From the descriptions alone I would say "CVE-2026-34001: XSYNC Use-after-free" is probably the most dangerous one since it could theoretically allow for local priv esc but that would need more work | 08:08:15 |
| kuflierl | Redacted or Malformed Event | 08:09:26 |
| kuflierl | * i have not read the structs being freed, this is just me assuming there is a pointer somewhere in that strict | 08:09:35 |
| kuflierl | * i have not read the structs being freed, this is just me assuming there is a pointer somewhere in that strict | 08:09:45 |
| 16 Apr 2026 |
 fgaz | Critical sandbox escape in luanti https://github.com/NixOS/nixpkgs/pull/510535 | 09:09:15 |
| K900 | Maybe just backport the fixed version? It's a videogame, do we really need to worry about breakage here | 09:10:55 |
| fgaz | I don't know, I don't have time to review the breaking changes right now | 09:12:06 |
| fgaz | keep in mind it includes a game server as well. breaking changes might affect server operators | 09:12:44 |
| K900 | OK, going to merge for now | 09:12:44 |
| vcunat | Here's another case of dilemma between pulling breaking changes vs. marking as insecure:
https://github.com/NixOS/nixpkgs/pull/500876 | 11:50:14 |
| Sandro | Just build the package on hydra and then people can consume it without pain when allowing it. | 13:35:09 |
| hexa | how about porting the patches? | 13:36:05 |
