libvorbis: document that patch for CVE-2017-14160 also fixes CVE-2018-10393. #82552
16323d2 to dde3b0f
@@ -12,6 +12,7 @@ stdenv.mkDerivation rec { | |||
|
|||
patches = [ | |||
(fetchpatch { | |||
# Also fixes CVE-2018-10393. |
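Review bot: The added line `# Also fixes CVE-2018-10393.` inside `(fetchpatch {` is only a Nix comment, so it is dropped at evaluation and nothing in the resulting derivation records the second CVE. If the goal is for tooling to see that CVE-2018-10393 is patched, carry the id in an evaluated attribute of the `fetchpatch` call, such as its `name`, rather than in a comment. Changing an evaluated attribute changes the derivation, so expect rebuilds of everything that depends on this package.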
It's better to put all CVEs in the patch name so it's detected by tools like vulnix and https://broken.sh.
At the very least Vulnix only checks the instantiated derivation, not the expression.
Done, switched to the canonical "CVE...+CVE..." filename format.
After this we need to switch the PR to staging though because the name change is a mass rebuild.
> After this we need to switch the PR to staging though because the name change is a mass rebuild.
I've done this now.
…-10393. Fixes NixOS#57159. Signed-off-by: David Anderson <dave@natulte.net>
dde3b0f to b5f9015
Fixes #57159
Motivation for this change
Helping tools figure out that CVE-2018-10393 is patched.
cc @andir as requested
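The point raised in review, that a scanner reading the instantiated derivation sees patch file names but never Nix comments, shown as an added example (not code from this PR, nixpkgs or vulnix). The `.drv` strings, store hashes, package version placeholder and the function name `patched_cves` are constructed for illustration, and the matching rule is an assumption, not vulnix's own logic.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# In the ATerm .drv format each environment entry is a ("key","value") pair.
ENV_RE = re.compile(r'\("((?:[^"\\]|\\.)*)","((?:[^"\\]|\\.)*)"\)')


def patched_cves(drv_text):
    """Return the sorted CVE ids found in the file names listed in `patches`."""
    found = set()
    for key, value in ENV_RE.findall(drv_text):
        if key != "patches":
            continue
        for store_path in value.split():
            # Only the store path's file name survives evaluation;
            # comments in the .nix expression are gone at this stage.
            file_name = store_path.rsplit("/", 1)[-1]
            found.update(CVE_RE.findall(file_name))
    return sorted(found)


# Constructed sample: patch named after one CVE, second CVE only in a Nix comment.
DRV_COMMENT_ONLY = (
    'Derive([("out","/nix/store/00000000000000000000000000000001-libvorbis-x.y.z","","")],'
    '[],[],"x86_64-linux","/bin/sh",[],'
    '[("name","libvorbis-x.y.z"),'
    '("patches","/nix/store/00000000000000000000000000000002-CVE-2017-14160.patch")])'
)

# Constructed sample: both CVE ids carried in the patch file name.
DRV_BOTH_IN_NAME = (
    'Derive([("out","/nix/store/00000000000000000000000000000003-libvorbis-x.y.z","","")],'
    '[],[],"x86_64-linux","/bin/sh",[],'
    '[("name","libvorbis-x.y.z"),'
    '("patches","/nix/store/00000000000000000000000000000004-CVE-2017-14160+CVE-2018-10393.patch")])'
)

if __name__ == "__main__":
    for label, drv in (("comment only", DRV_COMMENT_ONLY),
                       ("both in name", DRV_BOTH_IN_NAME)):
        print(label, patched_cves(drv))
```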