| 12 Sep 2025 |
 Sandro | I already saw that when clicking revert that the commit was already created. Approved, too. | 11:54:56 |
 emily | (personally I don't think we need tons of ceremony for reverting for things that would have been a blocking review if caught hours before merge rather than after. part of the Hintjens optimistic merging doc people like is unilateral reverts if a change is problematic. so I'll hit the merge button) | 11:56:38 |
| 13 Sep 2025 |
|  oak 🏳️🌈♥️ changed their profile picture. | 09:46:05 |
| 14 Sep 2025 |
|  Emma [it/its] joined the room. | 08:39:56 |
| 15 Sep 2025 |
|  kevincox changed their display name from kevincox to kevincox (moved to @kevincox:kevincox.ca). | 19:40:13 |
| 16 Sep 2025 |
 teutat3s | https://github.com/NixOS/nixpkgs/pull/443455 | Fix CVE-2025-59161 / GHSA-m6c8-98f4-75rr "A malicious room can hide an unrelated room and cause it to be left when the malicious room is left " | 14:41:53 |
 dish [Fox/It/She] | queued to merge, ty! | 16:06:25 |
| Sandro | Should we drop goldwarden if it's development is halted?
https://github.com/quexten/goldwarden | 16:16:13 |
 hexa | #security-discuss:nixos.org | 16:18:47 |
| hexa | https://github.com/NixOS/nixpkgs/pull/443573 | 21:57:34 |
| 18 Sep 2025 |
| hexa | https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html | 12:47:05 |
| 19 Sep 2025 |
|  mkg20001 changed their profile picture. | 17:21:04 |
| 20 Sep 2025 |
|  scr1bbles left the room. | 15:40:33 |
| 21 Sep 2025 |
| hexa | https://paste.swordarmor.fr/raw/GvZ8 | 01:02:15 |
| hexa | * From: Maria Matejka via Bird-downstream <bird-downstream@lists.nic.cz>
To: BIRD downstream maintainers <bird-downstream@lists.nic.cz>
Cc: Maria Matejka <maria.matejka@nic.cz>
Reply-To: BIRD downstream maintainers <bird-downstream@lists.nic.cz>
Date: Fri, 19 Sep 2025 16:05:44 +0200
Subject: [Bird-downstream] Expected release of BIRD 3.0.5 and 3.1.4
[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 4.3K --]
Hello!
Please expect that hopefully on monday we're going to release fixup
versions 3.0.5 and 3.1.4; this time there is an embargoed patch included
so after we're done fixing, we're going to share the TGZs with you
privately before announcing and pushing to the public repository.
Please advise which timing is good for you to coordinate the release.
I would like to aim to monday evening or tuesday morning european time;
if something goes wrong, tuesday evening would be the time.
Thanks!
Maria
--
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
[-- Attachment #2 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.2K --]
_______________________________________________
Bird-downstream mailing list -- bird-downstream@lists.nic.cz
To unsubscribe send an email to bird-downstream-leave@lists.nic.cz
| 01:02:26 |
| 22 Sep 2025 |
|  Felix Schröter changed their display name from Felix Schröter to Felix Schröter (🌄 29.09. – 05.10.). | 09:55:50 |
| hexa | https://trubka.network.cz/pipermail/bird-users/2025-September/018417.html | 21:38:56 |
 Tom | https://github.com/NixOS/nixpkgs/pull/445303 | 22:29:47 |
| hexa | https://seclists.org/oss-sec/2025/q3/177 Jan Tojnar | 23:16:39 |
| hexa | * https://seclists.org/oss-sec/2025/q3/177 webkitgtk Jan Tojnar | 23:16:43 |
| hexa | I'm a bit lost on webkitgtk versioning, we seem to be on 2.50.0 for all versions? | 23:17:48 |
| 23 Sep 2025 |
 vcunat | bird2 is NOT affected by these security issues, by the way. | 05:33:14 |
 Jan Tojnar | yes. The versions in attribute name indicate ABI variant: 6_0 linked against GTK 4 and libsoup 3, 4_1 linked against GTK 3 and libsoup 3, 4_0 linked against GTK 3 and libsoup 2 (insecure) | 09:27:13 |
|  kenji changed their display name from a-kenji to kenji. | 10:38:47 |
| 24 Sep 2025 |
 lennart | release notes are yet to be released, I guess that will open in the next 2-4 hours https://github.com/NixOS/nixpkgs/pull/445709 | 05:28:45 |
| lennart | * Zammad release notes are yet to be released, I guess that will open in the next 2-4 hours https://github.com/NixOS/nixpkgs/pull/445709 | 05:28:51 |
| lennart | there is a fix to one security problem included, that I discovered. but they also had more disclosure processes involved in that release. | 05:33:13 |
 Markus Theil | OpenSSL Release Announcement
The OpenSSL project team would like to announce the upcoming release of
OpenSSL Library versions 3.5.4, 3.4.3, 3.3.5, 3.2.5 and 3.0.18.
We will also be releasing extended support for OpenSSL Library versions 1.0.2zm and 1.1.1zd, which will be available to premium support customers.
These releases will be made available on Tuesday, 30th September 2025, between 1300 and 1700 UTC.
These are security-fix releases. The highest severity issue fixed in each of these releases is Moderate:
https://openssl-library.org/policies/general/security-policy/index.html
Yours
The OpenSSL Project Team
| 07:27:04 |
| Markus Theil | I'd like to skip 3.5.3 and directly bump to 3.5.4 and 3.0.18. | 07:27:56 |
| lennart | In reply to @lennart:0520.ch
Zammad release notes are yet to be released, I guess that will open in the next 2-4 hours https://github.com/NixOS/nixpkgs/pull/445709 three Security Advisories linkes
- https://zammad.com/en/advisories/zaa-2025-07
- https://zammad.com/en/advisories/zaa-2025-08
- https://zammad.com/en/advisories/zaa-2025-09 | 09:55:49 |
