| 4 Mar 2025 |
|  lassulus changed their profile picture. | 17:49:02 |
| 6 Mar 2025 |
 AkechiShiro | Could someone handle this please ? (affects LibreOffice versions prior to 24.8.5 and 25.2.1.) :
https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080/ | 11:47:22 |
 hexa | can you reach out to michael raskin? | 11:49:02 |
| hexa | @7c6f434c:nitro.chat | 11:49:40 |
|  Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) changed their display name from Grimmauld to Grimmauld (any/all). | 15:53:28 |
| 7 Mar 2025 |
|  lisipu joined the room. | 18:10:24 |
 Scrumplex | Redacted or Malformed Event | 20:21:25 |
| 8 Mar 2025 |
|  @joey:jdigi.net joined the room. | 03:31:48 |
| @joey:jdigi.net | Hi all. I don't think this is a security issue perse, but its come to my attention the nix librewolf package doesn't appear to be applying privacy and security related patches to firefox as it should and is therefore not a good-faith representation of librewolf and its main claims of added privacy and security. Frankly I think its egregious enough it should be taken down until its fixed. What should be done about this? | 03:42:32 |
| @joey:jdigi.net | Relevant issue for more context: https://github.com/NixOS/nixpkgs/issues/344417 | 03:43:04 |
 emily | (should be in #security-discuss:nixos.org) | 03:44:34 |
| @joey:jdigi.net | Sorry, will post there | 03:45:00 |
| @joey:jdigi.net | Thanks | 03:45:02 |
| emily | (→ https://matrix.to/#/!ATURSDtpSAgOTfvtbq:lossy.network/$70MCEnnDRUWOYF6uXcpQCBisSTP93faBL6m9JrjcTOI?via=nixos.org&via=matrix.org&via=memes.nz) | 03:45:44 |
|  ncfavier changed their profile picture. | 10:43:38 |
| 10 Mar 2025 |
| AkechiShiro | Hey just a quick update, I did reach out to him regarding the CVE, he did confirm that versions in Nixpkgs are vulnerable,
I also saw that some builds fixes are waiting to get build : https://github.com/NixOS/nixpkgs/pull/387730
OfBorg can't build the package, I guess the version bump would come after this PR which fixes some builds | 15:24:54 |
| @joey:jdigi.net left the room. | 15:42:22 |
| emily | (he's the sole listed maintainer for LibreOffice, does he plan to handle the CVEs?) | 15:59:50 |
| hexa | exactly my question | 16:12:18 |
|  Gaël joined the room. | 22:08:06 |
| AkechiShiro | Sorry for the delay, he plans to handle the CVE but he's unsure when he can do it | 22:14:26 |
| 11 Mar 2025 |
|  @3wy-kra:matrix.uni-hannover.de joined the room. | 16:59:37 |
| 12 Mar 2025 |
|  paq joined the room. | 09:25:20 |
| hexa | https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html | 15:30:08 |
| hexa |
Upstream released a bugfix in version v0.9.0 and a security advisory on GitHub.
| 15:30:22 |
| hexa | globin: | 15:30:29 |
| hexa | * globin please | 15:30:33 |
| 13 Mar 2025 |
 globin | On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check further end of next week. | 21:13:37 |
| globin | * On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week. | 21:13:40 |
| 14 Mar 2025 |
| hexa | https://blog.hartwork.org/posts/expat-2-7-0-released/ | 17:05:47 |
