| 11 Jan 2025 |
 hexa | with how you're currently doing it you are also bypassing the cherry-pick check 😄 | 16:57:59 |
| hexa | * with how you're currently doing it you are also bypassing the cherry-pick check, because it can't find any references to commits on master/staging/... 😄 | 16:58:19 |
 Philip Taron (UTC-8) | Again, happy to do whatever, but I literally cherry-picked the PR commit on top of the staging-24.11 branch. If there's a built-in delay before a PR can be opened against a release branch for security issues, in the immortal words of a certain president, "I'm learning about it right now! Amazing!"
I have to go do weekend stuff now, so I'll leave merging/editing/rejecting in all y'all's hands until the evening. | 17:05:02 |
| hexa | the master PR is vim: 9.1.0990 -> 9.1.1006 #372980 | 17:05:55 |
| hexa | the 24.11 pR is vim: 9.1.0787 -> 9.1.1006 #372981 | 17:06:02 |
| hexa | so you're hiding at least the 9.1.0787 -> 9.1.0990 commit | 17:06:16 |
| hexa | * the 24.11 PR is vim: 9.1.0787 -> 9.1.1006 #372981 | 17:06:23 |
| Philip Taron (UTC-8) | I'm still super confused. During the cherry-pick process, I edited the staging commit's description from 9.1.0990 to 9.1.0787 (since when applied on staging-24.11, that's the version it would be upgrading.) Is the assumption that release branches get the full set of PRs backported?! | 17:08:44 |
| hexa | each individual intermediate commit, yeah | 17:09:43 |
| Philip Taron (UTC-8) | Ok, I think I understand. | 17:12:00 |
| Philip Taron (UTC-8) | * Ok, I think I understand. I picked the intermediate commits too. | 17:13:24 |
| hexa | let's continue on the PR | 17:16:10 |
| 12 Jan 2025 |
|  @strutztm:strutztm.de joined the room. | 00:24:58 |
| 13 Jan 2025 |
 Niklas Korz | Not sure if these are the same that were fixed in vaultwarden 1.32.7 three weeks ago:
https://chaos.social/@fbausch/113821745299078611 | 15:28:46 |
| Niklas Korz | I think they're all already fixed in the version of vaultwarden we ship | 15:29:40 |
| hexa | earlier | 15:29:53 |
| hexa | they were fixed in 1.32.5 | 15:30:14 |
| Niklas Korz | I see, thanks! | 15:33:12 |
| 14 Jan 2025 |
| hexa | https://www.openwall.com/lists/oss-security/2025/01/14/4 git | 18:14:18 |
| hexa | https://kb.cert.org/vuls/id/952657 rsync | 18:14:40 |
| hexa | https://github.com/NixOS/nixpkgs/pull/322012 | 18:14:46 |
| hexa | * https://github.com/NixOS/nixpkgs/pull/373784 | 18:15:01 |
 tgerbet | Currently building 2.47.2 :) | 18:16:42 |
| tgerbet | * Currently building 2.47.2 :)
https://github.com/NixOS/nixpkgs/pull/373784 | 18:31:52 |
| tgerbet | * Currently building 2.47.2 :)
https://github.com/NixOS/nixpkgs/pull/373801 | 18:32:10 |
 aidalgol | https://www.yubico.com/support/security-advisories/ysa-2025-01/ | 18:44:43 |
| hexa |
No Yubico hardware is affected.
| 18:45:16 |
| hexa | pam-u2f | 18:45:29 |
| aidalgol | AIUI, it's the PAM module for using U2F. | 18:46:18 |
|  ⛧-440729 [sophie raven] (it/its) changed their profile picture. | 18:56:36 |
