| 9 Apr 2026 |
 Samuel Dionne-Riel | avahi CVEs and mitigation https://github.com/NixOS/nixpkgs/pull/508012 | 14:19:37 |
|  andre4ik3 joined the room. | 21:49:06 |
| andre4ik3 | Hi, would appreciate review/and or merge of https://github.com/NixOS/nixpkgs/pull/508083 for Cockpit CVE-2026-4631 (https://github.com/advisories/GHSA-rq49-h582-83m7) | 21:49:32 |
|  caverav joined the room. | 22:07:46 |
|  Sapii joined the room. | 23:06:48 |
| 10 Apr 2026 |
 Tom | Could someone please take a look at this go bump: https://github.com/NixOS/nixpkgs/pull/508457
Particullary relevant for nixos-25.11 since there it's the default go version. | 20:35:19 |
| 11 Apr 2026 |
 Bart | Redacted or Malformed Event | 23:58:28 |
| 12 Apr 2026 |
| andre4ik3 | Backport for 25.11: https://github.com/NixOS/nixpkgs/pull/508929 | 06:39:55 |
|  leona changed their profile picture. | 12:15:45 |
| 13 Apr 2026 |
|  Andrei Jiroh [moved to @ajhalili2006:tchncs.de] changed their display name from Andrei Jiroh [moved to @ajhalili2006:envs.net] to Andrei Jiroh [moved to @ajhalili2006:tchncs.de]. | 00:19:56 |
 Sandro | https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.5
dotlambda
| 00:55:56 |
 hexa | https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.6 | 01:03:50 |
|  Alesya changed their display name from Alesya Huzik to Alesya. | 01:46:22 |
|  Aliaksandr joined the room. | 02:28:46 |
 teutat3s | https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/6VW6OGVSC7LO3QUMBEZOPQFYYOFDJ452/ | 12:18:31 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/509590 | 14:52:33 |
| teutat3s | https://github.com/NixOS/nixpkgs/pull/509591 | 14:52:40 |
|  Jenny joined the room. | 19:43:21 |
| 14 Apr 2026 |
|  Lukas joined the room. | 01:53:47 |
| Sandro | Two critical authentication bypasses
https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.15.2 | 11:49:55 |
| Sandro | https://github.com/NixOS/nixpkgs/pull/509941 | 12:02:50 |
 vcunat | X.Org Security Advisory: multiple security issues X.Org X server and Xwayland
https://lists.x.org/archives/xorg-announce/2026-April/003677.html | 16:22:07 |
|  klea (she/her) joined the room. | 16:23:16 |
| klea (she/her) changed their display name from klea to klea (she/her). | 16:27:22 |
 K900 | https://www.gamingonlinux.com/2026/04/x-org-x-server-and-xwayland-security-advisory-released-for-multiple-issues/ | 17:41:07 |
| K900 | Oops | 17:41:09 |
| 15 Apr 2026 |
| vcunat | At a glance it's difficult for me to estimate how serious these are. (and thus if staging-next is worth the rebuild with the PR) | 05:49:05 |
 kuflierl | In reply to @vcunat:matrix.org
At a glance it's difficult for me to estimate how serious these are. (and thus if staging-next is worth the rebuild with the PR) From the descriptions alone I would say "CVE-2026-34001: XSYNC Use-after-free" is probably the most dangerous one since it could theoretically allow for local priv esc but that would need more work | 08:08:15 |
| kuflierl | Redacted or Malformed Event | 08:09:26 |
| kuflierl | * i have not read the structs being freed, this is just me assuming there is a pointer somewhere in that strict | 08:09:35 |
