| 8 Mar 2025 |
 emily | (should be in #security-discuss:nixos.org) | 03:44:34 |
 @joey:jdigi.net | Sorry, will post there | 03:45:00 |
| @joey:jdigi.net | Thanks | 03:45:02 |
| emily | (→ https://matrix.to/#/!ATURSDtpSAgOTfvtbq:lossy.network/$70MCEnnDRUWOYF6uXcpQCBisSTP93faBL6m9JrjcTOI?via=nixos.org&via=matrix.org&via=memes.nz) | 03:45:44 |
|  nf changed their profile picture. | 10:43:38 |
| 10 Mar 2025 |
 AkechiShiro | Hey just a quick update, I did reach out to him regarding the CVE, he did confirm that versions in Nixpkgs are vulnerable,
I also saw that some builds fixes are waiting to get build : https://github.com/NixOS/nixpkgs/pull/387730
OfBorg can't build the package, I guess the version bump would come after this PR which fixes some builds | 15:24:54 |
| @joey:jdigi.net left the room. | 15:42:22 |
| emily | (he's the sole listed maintainer for LibreOffice, does he plan to handle the CVEs?) | 15:59:50 |
 hexa | exactly my question | 16:12:18 |
|  Gaël joined the room. | 22:08:06 |
| AkechiShiro | Sorry for the delay, he plans to handle the CVE but he's unsure when he can do it | 22:14:26 |
| 11 Mar 2025 |
|  @3wy-kra:matrix.uni-hannover.de joined the room. | 16:59:37 |
| 12 Mar 2025 |
|  paq joined the room. | 09:25:20 |
| hexa | https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html | 15:30:08 |
| hexa |
Upstream released a bugfix in version v0.9.0 and a security advisory on GitHub.
| 15:30:22 |
| hexa | globin: | 15:30:29 |
| hexa | * globin please | 15:30:33 |
| 13 Mar 2025 |
 globin | On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check further end of next week. | 21:13:37 |
| globin | * On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week. | 21:13:40 |
| 14 Mar 2025 |
| hexa | https://blog.hartwork.org/posts/expat-2-7-0-released/ | 17:05:47 |
 Niklas Korz | In reply to @globin:toznenetl.chat
On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week. yup they bumped anyhow in upstream but did not update their lockfile in the process... | 18:15:01 |
| 15 Mar 2025 |
 vcunat | https://github.com/NixOS/nixpkgs/pull/390052 | 08:49:15 |
| 18 Mar 2025 |
 philipp | https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still expolitable in nixos. Package is not updated and no other mitigations seem to be in place. | 09:34:34 |
 SigmaSquadron | In reply to @philipp:xndr.de
https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still expolitable in nixos. Package is not updated and no other mitigations seem to be in place. On it! | 09:56:46 |
| SigmaSquadron | https://github.com/NixOS/nixpkgs/pull/390925 | 10:49:37 |
| 19 Mar 2025 |
|  @bluebirdlamentations:matrix.org joined the room. | 17:02:51 |
| @bluebirdlamentations:matrix.org changed their display name from Bluebird to qenya. | 17:03:10 |
| 20 Mar 2025 |
| hexa | https://webkitgtk.org/security/WSA-2025-0002.html Jan Tojnar | 20:46:37 |
|  egrieco joined the room. | 23:43:08 |
| 21 Mar 2025 |
|  Domen Kožar changed their profile picture. | 11:39:08 |
