01:47:30 I'm interested in what the RCE vulnerability was. Was it just an RCE vulnerability in the uPnP lib itself?
01:49:31 Oh yeah I see its ref number: CVE-2015-6031
02:01:37 jeffro256 also see https://github.com/monero-project/monero/pull/9367#issuecomment-2551077952
02:03:13 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=miniupnp
10:59:15 Just had a chat with Ledger's cofounder, I talked about FCMP++ and CARROT, he will talk to the Ledger's architect in charge of the Monero app so he doesn't lag in looking into those changes
11:17:41 cc jeffro256
15:19:11 @hbs beautiful, thanks for reaching out. I'd like to connect w/ anyone who wants to write a Monero HW app, since there will be quite a few changes under the Carrot model
15:38:07 <0xfffc:monero.social> Interesting. We should do the same IMHO. Putting it in my todo list.
16:04:15 It looks like you have to get attacked by your own home router that exchanges XML to the mini-UPnP client. According to the docs at least, monerod doesn't engage in UPnP negotiation until it has waited a bit and determined that it is unable to receive inbound connections.
16:11:11 Tobtoht already removed it on a personal branch, but we don't have pcp replacement
16:12:02 https://github.com/tobtoht/monero/commit/b8d1b7547f0519d197ebf9f73a7f66baeecab0df tob's removal
17:46:44 I can probably connect you with the right person within Ledger, for Trezor I have no clue so far.
20:51:02 i think that would be https://github.com/ph4r05 , pls confirm
23:01:25 I likely won't have time before you indeed do find someone as I'm busy with Xelis, but I'd definitely be interested