New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
spamassassin: 3.4.3 -> 3.4.4 #108559
spamassassin: 3.4.3 -> 3.4.4 #108559
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. I couldn't test it as I've no setup using it and we are lacking a nixos test.
I'd appreciate if we could add references to the two CVEs fixed in the release:
2020-01-28: Apache SpamAssassin 3.4.4 has been released! Apache SpamAssassin 3.4.4 is primarily a security release. In this release, there are bug fixes for two CVEs:
CVE-2020-1931 for Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.
CVE-2020-1930 for Nefarious rule configuration (.cf) files can be configured to run system commands with sa-compile.`
(might be worth backporting to 20.09 as well)
Fixes: CVE-2020-1930 Fixes: CVE-2020-1931
Gotta get those sweet Repology notifications.
This is a semi-automatic executed nixpkgs-review which does not build all packages (e.g. lumo, tensorflow or pytorch) Result of 3 packages failed to build and are new build failures:
1 package built:
My machine has no big-parallel to build evolution. |
This is a semi-automatic executed nixpkgs-review which does not build all packages (e.g. lumo, tensorflow or pytorch) Result of 1 package marked as broken and skipped:
1 package built:
|
Backport in 4296e67. |
erictapen <notifications@github.com> writes:
Backport in 4296e67.
Thank you :)
|
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)