| 13 May 2026 |
 Morgan (@numinit) | It's looking like a "tonight" thing for me (so several hours) | 19:23:44 |
 hexa | https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/ | 19:35:01 |
| hexa | ma27 | 19:35:22 |
 Sandro | untested https://github.com/NixOS/nixpkgs/pull/519893 | 19:46:05 |
 ma27 | tomorrow if noone's faster | 22:44:35 |
| 14 May 2026 |
|  louis joined the room. | 23:21:54 |
| louis left the room. | 23:22:37 |
| 15 May 2026 |
| louis joined the room. | 04:50:18 |
 leona | Redacted or Malformed Event | 06:59:27 |
| leona | https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/ was again pre-leaked (likely through commit msg + Spengler (as Qualys reported on oss-sec)). Qualys doesn't yet publish their advisory. | 07:01:33 |
| leona | * https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/ was again pre-leaked (likely through commit msg + LLM + Spengler (as Qualys reported on oss-sec)). Qualys doesn't yet publish their advisory. | 07:01:41 |
 arcayr | spengler again? | 07:19:08 |
 Bart | https://github.com/NixOS/nixpkgs/pull/517598 | 12:03:38 |
 kuflierl | https://github.com/NixOS/nixpkgs/pull/520646 | 22:58:40 |
| 16 May 2026 |
|  maurice joined the room. | 10:04:53 |
| 17 May 2026 |
| Morgan (@numinit) | BIND preannouncing that they are publishing a new release on May 20
https://lists.isc.org/pipermail/bind-announce/2026-May/001294.html | 20:47:14 |
| 18 May 2026 |
 blitz | https://github.com/NixOS/nixpkgs/pull/517358 <- does anyone know why this is not merged? | 08:06:15 |
 Alyssa Ross | Queued | 08:08:37 |
| blitz | Thank you!! | 08:08:49 |
 Grimmauld (any/all) | https://www.gimp.org/news/2026/04/19/gimp-3-2-4-released/
Security contributors bb1abu, HanTul, Rakan Alotaib, JungWoo Park, and Bronson Yen studied our image import plug-ins and reported several possible issues. We appreciate their code review and mitigation suggestions! Gabriele Barbe and Alx Sa implemented their suggestions for APNG, PAA, PNG, DDS, PSP, PNM, PSD, JIF, PVR, TIM, XWD, and SFW files.
No PR open to update gimp yet, seems there are a few image parsing issues fixed in 3.2.4. Apparently also includes potential RCE. | 10:23:04 |
| 19 May 2026 |
| arcayr | it doesn't look like there's one in yet so i'll try do it in the next couple hours. | 01:48:21 |
| Sandro | There two now, one from 31th March and one form 8 hours ago | 14:24:05 |
 Jenny | The next Linux LPE: https://github.com/v12-security/pocs/tree/main/pintheft | 14:52:15 |
| hexa | requires the rds kmod | 14:54:12 |
| hexa | another win for module lockdown | 14:54:19 |
 K900 | Can I just say that those v12 people are pissing me off | 14:54:39 |
| hexa | modprobe rds
modprobe: ERROR: could not insert 'rds': Operation not permitted
| 14:54:41 |
| hexa | Redacted or Malformed Event | 14:54:44 |
| K900 | At this point they're very clearly drip feeding the shit they found | 14:54:55 |
| K900 | As an ad for their LLM shit | 14:55:08 |
