| 3 Jun 2025 |
|  yadov3k joined the room. | 12:12:31 |
|  themadbit joined the room. | 18:26:39 |
 Morgan (@numinit) | Samba https://www.samba.org/samba/security/CVE-2025-0620.html | 20:02:40 |
| Morgan (@numinit) | Seems to only apply to 4.21, though. So we may be fine? | 20:04:44 |
| 4 Jun 2025 |
 teutat3s | New electron releases with fixes for CVE-2025-5419 are available, I'll get to creating a PR later today. | 13:13:22 |
 hexa | https://curl.se/docs/CVE-2025-5399.html 8.14.1 | 14:07:26 |
| hexa | * https://curl.se/docs/CVE-2025-5399.html 8.14.1 Scrumplex | 14:07:33 |
 Scrumplex | https://github.com/NixOS/nixpkgs/pull/413896 | 14:08:13 |
| hexa | are you preparing patches for 25.05 and 24.11? | 14:09:55 |
| Scrumplex | Backports should work for both releases, if I am not mistaken | 14:31:04 |
| Scrumplex | 24.11 is a little behind actually. We would need a manual patch there | 14:31:36 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/413995 | 17:53:16 |
| hexa | curl updates are imo risky and introduce regressions every now and then | 18:03:25 |
| hexa | 23.11 looked like this | 18:04:13 |
| hexa | patches = [
# fix ipv6 autodetect compile error in configure script
# remove once https://github.com/curl/curl/pull/12607 released (8.6.0)
./configure-ipv6-autodetect.diff
# https://curl.se/docs/CVE-2023-46219.html
./0001-CVE-2023-42619.patch
# https://curl.se/docs/CVE-2023-46218.html
./0002-CVE-2023-42618.patch
# https://curl.se/docs/CVE-2024-2398.html
./0003-CVE-2024-2398.patch
# https://curl.se/docs/CVE-2024-2004.html
./0004-CVE-2024-2004.patch
];
| 18:04:18 |
| hexa | frankly not sure why that practice changed | 18:04:36 |
|  HedgeMage joined the room. | 19:26:55 |
| 5 Jun 2025 |
|  h0nig2k joined the room. | 07:36:47 |
| h0nig2k | Hi, is there any planned triage for https://www.cve.org/CVERecord?id=CVE-2025-4517 - python with CVE 9,4? | 07:40:52 |
 vcunat | I saw https://github.com/NixOS/nixpkgs/pull/413689 | 07:41:52 |
 Grimmauld (any/all) | Probably more relevant: https://github.com/NixOS/nixpkgs/pull/413987
there is an update, not just patches to cherry-pick | 08:59:43 |
 stigo | https://github.com/NixOS/nixpkgs/pull/414219 for CVE-2011-10007 affecting perlPackages.FileFindRule | 12:13:00 |
|  b12f changed their display name from b12f to undefined. | 09:38:08 |
| b12f changed their display name from undefined to b12f. | 11:18:22 |
|  @mokasin:mokasin.de left the room. | 18:55:31 |
|  @tioan:dunwyn.xyz left the room. | 19:02:18 |
| 6 Jun 2025 |
|  arcayr changed their profile picture. | 01:11:39 |
| 7 Jun 2025 |
|  matrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) left the room. | 22:17:28 |
| matrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) joined the room. | 23:22:01 |
| 8 Jun 2025 |
|  @-jb:matrix.org removed their profile picture. | 09:16:38 |
