Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3423d0f31ad0
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 311d91b4e043
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Nov 27, 2020

  1. libxml2: fix CVE-2020-24977 

    Fixes an out-of-bounds read when using xmllint with the --htmlout
parameter.

Fixes: CVE-2020-24977
(cherry picked from commit ab61f16)
    @mweinelt
    mweinelt committed Nov 27, 2020
    Copy the full SHA
    94b18a5 View commit details

  2. Merge pull request #105171 from mweinelt/20.09/libxml2 

    [staging-20.09] libxml2: fix CVE-2020-24977
    @mweinelt
    mweinelt authored Nov 27, 2020
    Copy the full SHA
    311d91b View commit details
Showing with 8 additions and 3 deletions.
  1. +8 −3 pkgs/development/libraries/libxml2/default.nix
11 changes: 8 additions & 3 deletions pkgs/development/libraries/libxml2/default.nix
View file
Original file line number Diff line number Diff line change
@@ -27,15 +27,20 @@ stdenv.mkDerivation rec {
# https://github.com/NixOS/nixpkgs/pull/63174
# https://github.com/NixOS/nixpkgs/pull/72342
./utf8-xmlErrorFuncHandler.patch
(fetchpatch {
name = "CVE-2019-20388.patch";
url = "https://gitlab.gnome.org/GNOME/libxml2/commit/6088a74bcf7d0c42e24cff4594d804e1d3c9fbca.patch";
sha256 = "070s7al2r2k92320h9cdfc2097jy4kk04d0disc98ddc165r80jl";
})
(fetchpatch {
name = "CVE-2020-7595.patch";
url = "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5.patch";
sha256 = "0klvaxkzakkpyq0m44l9xrpn5kwaii194sqsivfm6zhnb9hhl15l";
})
(fetchpatch {
name = "CVE-2019-20388.patch";
url = "https://gitlab.gnome.org/GNOME/libxml2/commit/6088a74bcf7d0c42e24cff4594d804e1d3c9fbca.patch";
sha256 = "070s7al2r2k92320h9cdfc2097jy4kk04d0disc98ddc165r80jl";
name = "CVE-2020-24977.patch";
url = "https://gitlab.gnome.org/GNOME/libxml2/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2.patch";
sha256 = "093f1ic5qfiq8nk9mc6b8p1qcs8m9hir3ardr6r5il4zi2dnjrj4";
})
];