| 12 May 2026 |
| Harinn joined the room. | 18:14:40 |
flx | https://github.com/NixOS/nixpkgs/pull/519502 | 18:32:28 |
| 13 May 2026 |
flx | https://github.com/NixOS/nixpkgs/pull/519882 | 19:12:05 |
Morgan (@numinit) | https://depthfirst.com/nginx-rift
FYI, nginx 😬, seems to trigger with captures in rewrite | 19:15:16 |
tgerbet | https://nginx.org/en/CHANGES
https://nginx.org/en/CHANGES-1.30
There are also other sec issues in the releases
nginxMainline will need a 1.29 -> 1.31 bump.
It would be nice if someone could handle it, I have done the last nginx upgrades but I'm not close to a laptop until tomorrow night | 19:23:09 |
Morgan (@numinit) | It's looking like a "tonight" thing for me (so several hours) | 19:23:44 |
hexa | https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/ | 19:35:01 |
hexa | ma27 | 19:35:22 |
Sandro | untested https://github.com/NixOS/nixpkgs/pull/519893 | 19:46:05 |
ma27 | tomorrow if no one's faster | 22:44:35 |
| 14 May 2026 |
| louis joined the room. | 23:21:54 |
| louis left the room. | 23:22:37 |
| 15 May 2026 |
| louis joined the room. | 04:50:18 |
leona | Redacted or Malformed Event | 06:59:27 |
leona | https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/ was again pre-leaked (likely through commit msg + Spengler (as Qualys reported on oss-sec)). Qualys hasn't published their advisory yet. | 07:01:33 |
leona | * https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/ was again pre-leaked (likely through commit msg + LLM + Spengler (as Qualys reported on oss-sec)). Qualys hasn't published their advisory yet. | 07:01:41 |
arcayr | spengler again? | 07:19:08 |
Bart | https://github.com/NixOS/nixpkgs/pull/517598 | 12:03:38 |
kuflierl | https://github.com/NixOS/nixpkgs/pull/520646 | 22:58:40 |
| 16 May 2026 |
| maurice joined the room. | 10:04:53 |
| 17 May 2026 |
Morgan (@numinit) | BIND preannouncing that they are publishing a new release on May 20
https://lists.isc.org/pipermail/bind-announce/2026-May/001294.html | 20:47:14 |
| 18 May 2026 |
blitz | https://github.com/NixOS/nixpkgs/pull/517358 <- does anyone know why this is not merged? | 08:06:15 |
Alyssa Ross | Queued | 08:08:37 |
blitz | Thank you!! | 08:08:49 |
Grimmauld (any/all) | https://www.gimp.org/news/2026/04/19/gimp-3-2-4-released/
Security contributors bb1abu, HanTul, Rakan Alotaib, JungWoo Park, and Bronson Yen studied our image import plug-ins and reported several possible issues. We appreciate their code review and mitigation suggestions! Gabriele Barbe and Alx Sa implemented their suggestions for APNG, PAA, PNG, DDS, PSP, PNM, PSD, JIF, PVR, TIM, XWD, and SFW files.
No PR open to update gimp yet, seems there are a few image parsing issues fixed in 3.2.4. Apparently also includes potential RCE. | 10:23:04 |
| 19 May 2026 |
arcayr | it doesn't look like there's one in yet so i'll try to do it in the next couple hours. | 01:48:21 |
Sandro | There are two now, one from 31st March and one from 8 hours ago | 14:24:05 |
Jenny | The next Linux LPE: https://github.com/v12-security/pocs/tree/main/pintheft | 14:52:15 |
hexa | requires the rds kmod | 14:54:12 |
hexa | another win for module lockdown | 14:54:19 |