New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl: 1.1.1h -> 1.1.1i #106362
Merged
Merged
openssl: 1.1.1h -> 1.1.1i #106362
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mweinelt
added
1.severity: security
9.needs: port to stable
A PR needs a backport to the stable release.
labels
Dec 8, 2020
Closes #106218 |
Fixes: CVE-2020-1971 Closes: NixOS#106218
ghost
approved these changes
Dec 8, 2020
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have updated my systems to 1.1.1i with the same patch and had no issues.
Ma27
approved these changes
Dec 9, 2020
Thanks! @mweinelt would you mind porting this to |
Ma27
added a commit
to Ma27/nixpkgs
that referenced
this pull request
Dec 9, 2020
ChangeLog: https://github.com/matrix-org/synapse/releases/tag/v1.24.0 This release contains two security advisories: * CVE-2020-26257[1]: possible DDoS in the federation API. * CVE-2020-1971[2]: to be fixed in NixOS#106362[3]. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257 [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971 [3] NixOS#106362
10 tasks
10 tasks
Ma27
added a commit
that referenced
this pull request
Dec 9, 2020
ChangeLog: https://github.com/matrix-org/synapse/releases/tag/v1.24.0 This release contains two security advisories: * CVE-2020-26257[1]: possible DDoS in the federation API. * CVE-2020-1971[2]: to be fixed in #106362[3]. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257 [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971 [3] #106362 (cherry picked from commit 917cac4)
vcunat
removed
the
9.needs: port to stable
A PR needs a backport to the stable release.
label
Dec 9, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
New upstream release.
https://www.openssl.org/news/changelog.html#openssl-111
Fixing EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
https://www.openssl.org/news/secadv/20201208.txt
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)