| 10 Mar 2025 |
hexa | exactly my question | 16:12:18 |
| Gaël joined the room. | 22:08:06 |
AkechiShiro | Sorry for the delay, he plans to handle the CVE but he's unsure when he can do it | 22:14:26 |
| 11 Mar 2025 |
| @3wy-kra:matrix.uni-hannover.de joined the room. | 16:59:37 |
| 12 Mar 2025 |
| paq joined the room. | 09:25:20 |
hexa | https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html | 15:30:08 |
hexa | Upstream released a bugfix in version v0.9.0 and a security advisory on GitHub. | 15:30:22 |
hexa | globin: | 15:30:29 |
hexa | * globin please | 15:30:33 |
| 13 Mar 2025 |
globin | On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check further end of next week. | 21:13:37 |
globin | * On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week. | 21:13:40 |
| 14 Mar 2025 |
hexa | https://blog.hartwork.org/posts/expat-2-7-0-released/ | 17:05:47 |
Niklas Korz | In reply to @globin:toznenetl.chat ("On holiday right now, just tried but fetchCargoVendor seems to download too old dependencies and currently no further time to investigate, will only be able to check end of next week."): yup they bumped anyhow in upstream but did not update their lockfile in the process... | 18:15:01 |
| 15 Mar 2025 |
vcunat | https://github.com/NixOS/nixpkgs/pull/390052 | 08:49:15 |
| 18 Mar 2025 |
philipp | https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still exploitable in nixos. Package is not updated and no other mitigations seem to be in place. | 09:34:34 |
SigmaSquadron | In reply to @philipp:xndr.de ("https://security.opensuse.org/2025/03/12/below-world-writable-log-dir.html I think this is still exploitable in nixos. Package is not updated and no other mitigations seem to be in place."): On it! | 09:56:46 |
SigmaSquadron | https://github.com/NixOS/nixpkgs/pull/390925 | 10:49:37 |
| 19 Mar 2025 |
| @bluebirdlamentations:matrix.org joined the room. | 17:02:51 |
| @bluebirdlamentations:matrix.org changed their display name from Bluebird to qenya. | 17:03:10 |
| 20 Mar 2025 |
hexa | https://webkitgtk.org/security/WSA-2025-0002.html Jan Tojnar | 20:46:37 |
| egrieco joined the room. | 23:43:08 |
| 21 Mar 2025 |
| Domen Kožar changed their profile picture. | 11:39:08 |
Jan Tojnar | thanks, currently building it https://github.com/NixOS/nixpkgs/pull/391948 | 22:39:44 |
| 23 Mar 2025 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | I just stumbled across https://nvd.nist.gov/vuln/detail/CVE-2025-0840, should https://github.com/NixOS/nixpkgs/pull/388157 get the security tag? | 13:45:41 |
hexa | nvd doesn't load here | 13:46:45 |
hexa | https://github.com/advisories/GHSA-c5qp-mx9f-m5c7 | 13:47:07 |
hexa | yup, link the advisory in a comment and add the security tag | 13:47:25 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | done | 13:48:58 |
emily | [image: image.png] | 13:49:39 |
emily | most useful CVE title | 13:49:41 |