| 19 Jan 2025 |
| Reventlov left the room. | 09:36:52 |
| 20 Jan 2025 |
tgerbet | vim Philip Taron (UTC-8) https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 | 22:21:02 |
| 21 Jan 2025 |
Philip Taron (UTC-8) | In reply to @tgerbet:matrix.org vim Philip Taron (UTC-8) https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 I'm next at a computer tomorrow morning. Thanks for the heads up. Looks relatively minor all told. | 01:44:04 |
| 22 Jan 2025 |
Philip Taron (UTC-8) | https://github.com/NixOS/nixpkgs/pull/375891 | 17:50:49 |
| 24 Jan 2025 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | Uh oh; we seem to be vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2022-27470 and SDL_ttf has no maintainers and is 3 years outdated (no update script, and the project moved to GitHub). Tasty 7.8 XD
This seems straightforward to fix, will send a PR once I get there. | 11:05:48 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | update: Not really fixable; SDL2_ttf exists and fixes these vulnerabilities, the newest SDL1-based SDL_ttf is vulnerable. So even if we update from the current version (2.0.11, released in 2013) to the newest (2.0.18, released in 2022) this wouldn't actually fix the vuln. So I suppose the correct way is to update the dependents instead? | 11:43:02 |