| 5 Aug 2025 |
 hexa | * https://lists.busybox.net/pipermail/busybox/2025-August/091665.html busybox 0day | 17:13:30 |
 Alyssa Ross | "I am happy to observe a 30-day embargo", they say, in a message to a public lits | 17:14:23 |
| Alyssa Ross | * | 17:14:25 |
| hexa | yeah 🤦♂️hence 0day | 17:14:43 |
 K900 | oofe | 17:14:46 |
| hexa | people in all security rooms I'm in are facepalming | 17:14:57 |
| Alyssa Ross | tbf it's not like busybox is maintained anyway | 17:15:18 |
| Alyssa Ross | so the 30 days is probably not going to make a substantial difference | 17:15:50 |
| Alyssa Ross | oh wow, lots of commits recently | 17:16:13 |
| Alyssa Ross | maybe I should resend my patch | 17:16:19 |
| Alyssa Ross | (sorry, just realised this is triage) | 17:16:27 |
| hexa | Alyssa Ross: patch from ariadne https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?__goaway_challenge=cookie&__goaway_id=798fc2a5dc35e31635444270e8cca34a&id=9e42dea5fba84a8afad1f1910b7d3884128a567e | 22:55:39 |
| 6 Aug 2025 |
| Alyssa Ross | In reply to @hexa:lossy.network
Alyssa Ross: patch from ariadne https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?__goaway_challenge=cookie&__goaway_id=798fc2a5dc35e31635444270e8cca34a&id=9e42dea5fba84a8afad1f1910b7d3884128a567e Does Busybox rebuild every NixOS test? | 06:41:34 |
| hexa | I don't know | 10:44:02 |
| hexa | Alyssa Ross: yeah, looks like it does 🫣 | 15:47:16 |
| Alyssa Ross | Keep it for the Friday kernel updates then? | 15:47:37 |
| hexa | sgtm | 15:47:43 |
| Alyssa Ross | left a comment | 15:48:14 |
 Sandro 🐧 | You need to strip the query strings otherwise the link is dead ....
https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch | 23:35:43 |
| 8 Aug 2025 |
|  0x4A6F joined the room. | 06:59:20 |
| 9 Aug 2025 |
| hexa | https://seclists.org/oss-sec/2025/q3/82 7-zip | 23:02:50 |
| hexa | emily: do we have that one or the other one? | 23:03:23 |
 emily | we have both :( | 23:03:34 |
| emily | this one would be _7zz | 23:03:46 |
| emily | p7zip is probably vulnerable since it's unmaintained | 23:03:53 |
| emily | please feel free to kill that one with fire | 23:03:58 |
| 10 Aug 2025 |
 Emil Thorsøe | Redacted or Malformed Event | 16:28:24 |
| Emil Thorsøe | https://github.com/Nheko-Reborn/nheko/releases/tag/v0.12.1 | 16:29:47 |
| Emil Thorsøe | not sure what it is, but marked security | 16:30:09 |
| hexa | html escaping | 16:57:12 |
