New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[r20.03] pythonPackages.asyncpg: add patch for CVE-2020-17446 #95518
[r20.03] pythonPackages.asyncpg: add patch for CVE-2020-17446 #95518
Conversation
@ofborg eval build python37Packages.asyncpg python38Packages.asyncpg python38Packages.orm python37Packages.fastapi python37Packages.starlette |
This is taking a while since nixpkgs-review is running the python3.8-uvloop-0.14.0 testsuite 🙄. (Edit: and got stuck twice already) |
Result of 5 packages failed to build:- python38Packages.asyncpg - python38Packages.databases - python38Packages.fastapi - python38Packages.orm - python38Packages.starlette 6 packages built:- python37Packages.asyncpg - python37Packages.databases - python37Packages.fastapi - python37Packages.orm - python37Packages.starlette - sourcehut.listssrht |
|
I've proposed #95591 as a granular fix for uvloop that we can port to stable. Maybe you can take a look? |
3e59b14
to
24e7620
Compare
Result of 11 packages built:- python37Packages.asyncpg - python37Packages.databases - python37Packages.fastapi - python37Packages.orm - python37Packages.starlette - python38Packages.asyncpg - python38Packages.databases - python38Packages.fastapi - python38Packages.orm - python38Packages.starlette - sourcehut.listssrht |
Motivation for this change
https://nvd.nist.gov/vuln/detail/CVE-2019-17446
master
has already been bumped for the fix (#95499)Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)