| 20 Nov 2025 |
|  John joined the room. | 05:11:05 |
|  @cve:entropia.de joined the room. | 13:42:24 |
| @cve:entropia.de | Would someone mind having a look at 462970 and 463034?
Both pull requests are open for close to two days by now and they fix a medium-severity security vulnerability in Tor, potentially leading to a remote crash.
Besides, relays on the old version are also no longer advertised in the current Tor consensus, meaning they now display a scary red warning too.
| 13:53:22 |
| @cve:entropia.de | * Would someone mind having a look at 462970 and 463034?
Both pull requests fix a medium-severity security vulnerability in Tor, potentially leading to a remote crash.
Besides, relays on the old version are also no longer advertised in the current Tor consensus, meaning they now display a scary red warning too.
| 13:53:38 |
|  Yevhen Zhyhalo joined the room. | 16:09:00 |
 hexa | https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 gnutls vcunat | 19:21:32 |
| hexa | 3.8.11 basically | 19:21:44 |
 vcunat | https://github.com/NixOS/nixpkgs/pull/463470 | 19:21:55 |
| 21 Nov 2025 |
|  amadaluzia changed their display name from amadaluzia to amadaluzia (in 🇹🇷 til 25). | 14:44:25 |
| amadaluzia changed their display name from amadaluzia (in 🇹🇷 til 25) to amadaluzia (🇹🇷 til 25th). | 14:45:11 |
| 22 Nov 2025 |
| hexa | https://seclists.org/oss-sec/2025/q4/204 libpng | 13:31:44 |
| hexa | http://github.com/nixos/nixpkgs/pull/463987 | 13:32:11 |
| 23 Nov 2025 |
|  @easel:matrix.org left the room. | 01:50:39 |
| 24 Nov 2025 |
| amadaluzia changed their display name from amadaluzia (🇹🇷 til 25th) to amadaluzia. | 12:57:50 |
| 25 Nov 2025 |
|  @steeringwheelrules:tchncs.de left the room. | 18:12:22 |
| 26 Nov 2025 |
 mdaniels5757 | These PRs with security updates to packages (or their dependencies) have been approved by their respective maintainers, but still need to be merged. https://github.com/NixOS/nixpkgs/pull/463918 https://github.com/NixOS/nixpkgs/pull/464033 https://github.com/NixOS/nixpkgs/pull/464451 | 02:38:48 |
 dish [Fox/It/She] | In reply to @mdaniels5757:matrix.org
These PRs with security updates to packages (or their dependencies) have been approved by their respective maintainers, but still need to be merged. https://github.com/NixOS/nixpkgs/pull/463918 https://github.com/NixOS/nixpkgs/pull/464033 https://github.com/NixOS/nixpkgs/pull/464451 queued all, thank you | 02:52:06 |
| hexa | https://www.cve.org/CVERecord?id=CVE-2025-45311 | 19:41:10 |
| hexa | * https://www.cve.org/CVERecord?id=CVE-2025-45311 fail2ban rce | 19:41:16 |
| hexa | * https://www.cve.org/CVERecord?id=CVE-2025-45311 fail2ban | 19:42:54 |
| hexa | https://lobste.rs/s/p5k6aa/fail2ban_rce open discussion here | 19:43:01 |
 K900 | Something something petard | 19:43:02 |
| vcunat | Why is it called RCE? They write
attackers with limited sudo privileges
| 19:43:47 |
| vcunat | That's like a completely different level of severity. | 19:44:12 |
