<j​effro256:monero.social> I'm interested in what the RCE vulnerability was. Was it just a RCE vulnerability in the uPnP lib itself ?

<j​effro256:monero.social> Oh yeah I see it's ref number: CVE-2015-6031

<o​frnxmr:xmr.mx> jeffro256 also see monero-project/monero #9367#issuecomment-2551077952

<o​frnxmr:xmr.mx> cve.mitre.org/cgi-bin/cvekey.cgi?keyword=miniupnp

<h​bs:matrix.org> Just had a chat with Ledger's cofounder, I talked about FCMP++ and CARROT, he will talk to the Ledger's architect in charge of the Monero app so he doesn't lag in looking into those changes

cc jeffro256

<j​effro256:monero.social> @hbs beautiful, thanks for reaching out. I'd like to connect w/ anyone who wants to write a Monero HW app, since there will be quite a few changes under the Carrot model

<0​xfffc:monero.social> Interesting. We should do the same IMHO. Putting it in my todo list.

<d​imalinux:monero.social> It looks like you have to get attacked by your own home router that exchanges XML to the mini-UPnP client. According to the docs at least, monerod doesn't engage in UPnP negotiation until it has waited a bit and determined that it is unable to receive inbound connections.

<o​frnxmr:xmr.mx> Tobtoht already removed it on a personal branch, but we dont have pcp replacement

<o​frnxmr:xmr.mx> tobtoht/monero b8d1b75 tob's removal

<h​bs:matrix.org> I can probably connect you with the right person within Ledger, for Trezor I have no clue so far.

<p​lowsof:matrix.org> i think that would be github.com/ph4r05 , pls confirm

<t​ritonn:matrix.org> I likely won't have time before you indeed do find someone as I'm busy with Xelis, but I'd definitelely be interested