Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: fe4a40a782ac
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2a7c7cb06c0d
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 29, 2020

  1. coturn: apply patch for CVE-2020-6061/6062 

    Fixes: CVE-2020-6061, CVE-2020-6062

An exploitable heap overflow vulnerability exists in the way CoTURN
4.5.1.1 web server parses POST requests. A specially crafted HTTP
POST request can lead to information leaks and other misbehavior.
An attacker needs to send an HTTPS request to trigger this vulnerability.

An exploitable denial-of-service vulnerability exists in the way
CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
HTTP POST request can lead to server crash and denial of service.
An attacker needs to send an HTTP request to trigger this vulnerability.

(cherry picked from commit 704a018)
    @mweinelt
    mweinelt committed Apr 29, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    142060c View commit details

  2. Merge pull request #86270 from mweinelt/20.03/coturn/CVE-2020-6061+6062 

    [20.03] coturn: apply patch for CVE-2020-6061/6062
    @rasendubi
    rasendubi authored Apr 29, 2020
    Copy the full SHA
    2a7c7cb View commit details
Showing with 9 additions and 2 deletions.
  1. +9 −2 pkgs/servers/coturn/default.nix
11 changes: 9 additions & 2 deletions pkgs/servers/coturn/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, openssl, libevent }:
{ stdenv, fetchFromGitHub, fetchpatch, openssl, libevent }:

stdenv.mkDerivation rec {
pname = "coturn";
@@ -13,7 +13,14 @@ stdenv.mkDerivation rec {

buildInputs = [ openssl libevent ];

patches = [ ./pure-configure.patch ];
patches = [
./pure-configure.patch
(fetchpatch {
name = "CVE-2020-6061+6062.patch";
url = "https://sources.debian.org/data/main/c/coturn/4.5.1.1-1.2/debian/patches/CVE-2020-6061+6062.patch";
sha256 = "0fcy1wp91bb4hlhnp96sf9bs0d9hf3pwx5f7b1r9cfvr3l5c1bk2";
})
];

meta = with stdenv.lib; {
homepage = https://coturn.net/;