New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xpdf: 4.00 -> 4.02 #68616
xpdf: 4.00 -> 4.02 #68616
Conversation
Updated to 4.02 |
is it still insecure after the update? |
Yes, 2 issues will be fixed in 5.00. |
@jonringer Why we can't update to 4.02? Not waiting for 5.00. Current version 4.00 has around 45 CVEs and no one mentioned in |
oh, i didn't mean to block, i was just curious |
The main thing for me is, that previous to this, i could install xpdf fine, after this, I have to opt into allowing known vulnerabilities to install the package. Which some power users may care about, but I think most people don't. @worldofpeace what do you think? |
@sikmir You're waiting on a 5.0 release that will have patches for those cve's, or is it that patches have been committed but they're not included in a release? If they're committed we could just apply those here. Though looking at https://www.xpdfreader.com/download.html, I don't see a source repo.
I think this change should be backported, but without @sikmir Can you move the
|
I don't wait for 5.0, as far as I have no idea about when 5.0 is going out or when fixes will be done, I've just quoted official security fixes page.
Done. |
I think this is an improvement on the existing situation - what's the hold up? |
Me forgetting to merge, thanks for the reminder 😄 |
backported the update in 3dd7ed3 |
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)