Comparing changes

base repository: NixOS/nixpkgs
base: a7ceb2536ab1
...
head repository: NixOS/nixpkgs
compare: 1d06d40fe067
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 29, 2020

  1. coturn: apply patch for CVE-2020-6061/6062

    Fixes: CVE-2020-6061, CVE-2020-6062
    
    An exploitable heap overflow vulnerability exists in the way CoTURN
    4.5.1.1 web server parses POST requests. A specially crafted HTTP
    POST request can lead to information leaks and other misbehavior.
    An attacker needs to send an HTTPS request to trigger this vulnerability.
    
    An exploitable denial-of-service vulnerability exists in the way
    CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
    HTTP POST request can lead to server crash and denial of service.
    An attacker needs to send an HTTP request to trigger this vulnerability.
    
    (cherry picked from commit 704a018)
    mweinelt committed Apr 29, 2020
    ac3ed15
  2. Merge pull request #86271 from mweinelt/19.09/coturn/CVE-2020-6061+6062

    [19.09] coturn: apply patch for CVE-2020-6061/6062
    rasendubi authored Apr 29, 2020
    1d06d40
Showing with 9 additions and 2 deletions.
  1. +9 −2 pkgs/servers/coturn/default.nix
11 changes: 9 additions & 2 deletions pkgs/servers/coturn/default.nix
@@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, openssl, libevent }:
{ stdenv, fetchFromGitHub, fetchpatch, openssl, libevent }:

stdenv.mkDerivation rec {
pname = "coturn";
@@ -13,7 +13,14 @@ stdenv.mkDerivation rec {

buildInputs = [ openssl libevent ];

patches = [ ./pure-configure.patch ];
patches = [
./pure-configure.patch
(fetchpatch {
name = "CVE-2020-6061+6062.patch";
url = "https://sources.debian.org/data/main/c/coturn/4.5.1.1-1.2/debian/patches/CVE-2020-6061+6062.patch";
sha256 = "0fcy1wp91bb4hlhnp96sf9bs0d9hf3pwx5f7b1r9cfvr3l5c1bk2";
})
];

meta = with stdenv.lib; {
homepage = https://coturn.net/;
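
Review bot: The fetchpatch entry in patches takes the fix from a Debian packaging path (sources.debian.org, coturn/4.5.1.1-1.2) rather than from an upstream coturn commit, and nothing in the hunk records where the fix originated or when the entry can be dropped. The sha256 pins the content, so a changed file at that URL fails the build instead of being applied silently, but a short comment above the fetchpatch naming the upstream fix and the release that contains it would let whoever next bumps the package remove it with confidence. The version attribute sits outside the visible context, so it is also worth confirming that the packaged version is the 4.5.1.1 the Debian patch was written against.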