| 12 Mar 2025 |
 hexa | https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html | 15:30:08 |
| hexa |
Upstream released a bugfix in version v0.9.0 and a security advisory on GitHub.
| 15:30:22 |
| hexa | globin: | 15:30:29 |
| hexa | * globin please | 15:30:33 |
| 13 Mar 2025 |
 globin | On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check further end of next week. | 21:13:37 |
| globin | * On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week. | 21:13:40 |
| 14 Mar 2025 |
| hexa | https://blog.hartwork.org/posts/expat-2-7-0-released/ | 17:05:47 |
 Niklas Korz | In reply to @globin:toznenetl.chat
On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week. yup they bumped anyhow in upstream but did not update their lockfile in the process... | 18:15:01 |
| 15 Mar 2025 |
 vcunat | https://github.com/NixOS/nixpkgs/pull/390052 | 08:49:15 |
| 18 Mar 2025 |
 philipp | https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still expolitable in nixos. Package is not updated and no other mitigations seem to be in place. | 09:34:34 |
 SigmaSquadron | In reply to @philipp:xndr.de
https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still expolitable in nixos. Package is not updated and no other mitigations seem to be in place. On it! | 09:56:46 |
| SigmaSquadron | https://github.com/NixOS/nixpkgs/pull/390925 | 10:49:37 |
| 19 Mar 2025 |
|  @bluebirdlamentations:matrix.org joined the room. | 17:02:51 |
| @bluebirdlamentations:matrix.org changed their display name from Bluebird to qenya. | 17:03:10 |
| 20 Mar 2025 |
| hexa | https://webkitgtk.org/security/WSA-2025-0002.html Jan Tojnar | 20:46:37 |
|  egrieco joined the room. | 23:43:08 |
| 21 Mar 2025 |
|  Domen Kožar changed their profile picture. | 11:39:08 |
 Jan Tojnar | thanks, currently building it https://github.com/NixOS/nixpkgs/pull/391948 | 22:39:44 |
| 23 Mar 2025 |
 Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | I just stumbled accross https://nvd.nist.gov/vuln/detail/CVE-2025-0840, should https://github.com/NixOS/nixpkgs/pull/388157 get the security tag? | 13:45:41 |
| hexa | nvd doesn't load here | 13:46:45 |
| hexa | https://github.com/advisories/GHSA-c5qp-mx9f-m5c7 | 13:47:07 |
| hexa | yup, link the advisory in a comment and add the security tag | 13:47:25 |
| Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | done | 13:48:58 |
 emily | 
Download image.png | 13:49:39 |
| emily | most useful CVE title | 13:49:41 |
| Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | tldr, buffer overflow in objdump | 14:00:53 |
| Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | (would have been a better title) | 14:01:00 |
| hexa | imported, so it is what it is | 14:01:29 |
| hexa | * imported, so it is what it is, also please move to discuss 😛 | 14:01:43 |
| 25 Mar 2025 |
|  aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) changed their display name from aleksana (force me to bed after 18:00 UTC) to aleksana 🏳️⚧️ (force me to bed after 18:00 UTC). | 17:00:15 |
