| 4 Jul 2025 |
 emily | er | 11:06:24 |
| emily | wrong room sorry | 11:06:26 |
| 6 Jul 2025 |
|  @jammie:matrix.org left the room. | 02:28:02 |
|  Cathal changed their display name from CJ to Cathal. | 17:17:33 |
| 7 Jul 2025 |
 leona | https://github.com/NixOS/nixpkgs/pull/421805 keycloak security update | 06:51:59 |
|  @saiko:knifepoint.net changed their display name from Katalin ⚧︎ to Katalin 🔪. | 23:27:41 |
| 9 Jul 2025 |
|  jonhermansen joined the room. | 01:01:41 |
 syd installs gentoo (they/them) | https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
git clone --recursive RCE
CVE-2025-48384 | 11:10:20 |
 K900 | Known, we're deciding how to best handle it | 11:21:38 |
| 10 Jul 2025 |
 vcunat | I just noticed our intel-media-sdk; upstream says
This project will no longer be maintained by Intel.
This project has been identified as having known security escapes.
We use it in particular in ffmpeg-full. No idea how big a risk it is in there.
| 08:32:52 |
 hexa | https://security-tracker.debian.org/tracker/source-package/intel-mediasdk | 12:14:24 |
| hexa | removed from debian in 2024-10 | 12:15:01 |
| hexa | other distros, e.g. fedora, are still shipping it | 12:15:10 |
| hexa | -> #security-discuss:nixos.org | 12:16:15 |
| vcunat | gnutls had a security release yesterday:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
Maybe I could have a look within several hours.
| 12:17:14 |
| vcunat | 25.05 will probably need to pick the CVE patches. For staging:
https://github.com/NixOS/nixpkgs/pull/424095 | 16:38:33 |
|  Fred Lahde joined the room. | 18:48:25 |
