| 12 Dec 2025 |
|  whispers (it/fae) changed their profile picture. | 04:51:21 |
 emily | this has come up several times, right? may be time for the drop | 13:14:48 |
| emily | cc @me:indeednotjames.com I suppose | 13:15:07 |
| emily | (oh, this is triage room. didn't mean to imply responsibility) | 13:15:44 |
 hexa | https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324 networkmanager | 23:31:15 |
| hexa | cc Jan Tojnar | 23:31:24 |
| hexa | https://www.strongswan.org/blog/2025/12/12/strongswan-vulnerability-(cve-2025-9615).html strongswan | 23:32:00 |
| hexa | cc nickcao 😕 | 23:32:06 |
| hexa | * cc nickcao | 23:32:10 |
| 13 Dec 2025 |
|  NixOS Moderation Bot unbanned  @joepie91:pixie.town. | 05:58:58 |
 mdaniels5757 | Redacted or Malformed Event | 23:58:23 |
| 14 Dec 2025 |
|  7karni joined the room. | 03:50:10 |
|  suua joined the room. | 13:31:00 |
| 16 Dec 2025 |
| hexa | https://www.openwall.com/lists/oss-security/2025/12/16/2 dropbear | 14:15:32 |
| 17 Dec 2025 |
| hexa | https://seclists.org/oss-sec/2025/q4/283 webkitgtk 2.50.4 | 02:02:28 |
| hexa | https://github.com/NixOS/nixpkgs/pull/471701 | 15:41:02 |
| 18 Dec 2025 |
|  Felix Schröter (🎄2025-12-20T00/2026-01-05T00) changed their display name from Felix Schröter to Felix Schröter (🎄20.12.–04.01.). | 12:24:09 |
| Felix Schröter (🎄2025-12-20T00/2026-01-05T00) changed their display name from Felix Schröter (🎄20.12.–04.01.) to Felix Schröter (🎄2025-12-20T00/2026-01-05T00). | 14:54:58 |
| 19 Dec 2025 |
 Joachim Ernst | https://github.com/NixOS/nixpkgs/pull/471962 ✅️ and https://github.com/NixOS/nixpkgs/pull/472012 ⏳️ | 10:33:23 |
| 21 Dec 2025 |
|  n4ch723hr3r (putting stuff in your name is cringe) joined the room. | 12:20:58 |
| n4ch723hr3r (putting stuff in your name is cringe) | 👋
hi, the package matrix-continuwuity is currently vulnerable to an attack where any server can forge certain events. the devs have currently fixed this in this commit: https://forgejo.ellis.link/continuwuation/continuwuity/commit/7fa4fa98628593c1a963f5aa8dbc3657d604b047 | 12:22:09 |
| n4ch723hr3r (putting stuff in your name is cringe) | its being exploited in the wild which is afaik why the devs have kind of rushed it out | 12:22:54 |
| hexa | can you send a PR that applies the patch? | 12:25:45 |
| hexa | * n4ch723hr3r (putting stuff in your name is cringe): can you send a PR that applies the patch? | 12:25:53 |
| n4ch723hr3r (putting stuff in your name is cringe) | the problem is that they have not released a full version, so it might be best to just use that commit as a patch to the version we currently use | 12:27:16 |
 leona | Redacted or Malformed Event | 12:27:36 |
| n4ch723hr3r (putting stuff in your name is cringe) | https://github.com/NixOS/nixpkgs/pull/472955
i havent tested it yet | 13:15:18 |
| n4ch723hr3r (putting stuff in your name is cringe) | and im kind of a noob at this so sorry if this way of patching an app is stupid 😄 | 13:15:47 |
 emily | I don't think it's enough to just cherry-pick just that one commit.
There are at least 2 commits that fix validation: https://forgejo.ellis.link/continuwuation/continuwuity/commits/commit/7fa4fa98628593c1a963f5aa8dbc3657d604b047
It is paramount that you update to the latest commit from our forgejo as soon as you can. A full release will be following later today.
https://fedi.transgender.ing/notes/agj9mne73ias00d8
If anything, we should bump our version to the unreleased git commit.
| 13:48:53 |
| n4ch723hr3r (putting stuff in your name is cringe) | i merged them together, if i remember correctly | 13:50:33 |
