Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 92231f4f32f6
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: c97be6939914
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Mar 9, 2020

  1. rkt: add CVEs 

    https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
(cherry picked from commit c4c936f)
(cherry picked from commit 58fa229)
    @zowoq @Mic92
    zowoq authored and Mic92 committed Mar 9, 2020
    Copy the full SHA
    c97be69 View commit details
Showing with 5 additions and 0 deletions.
  1. +5 −0 pkgs/applications/virtualization/rkt/default.nix
5 changes: 5 additions & 0 deletions pkgs/applications/virtualization/rkt/default.nix
View file
Original file line number Diff line number Diff line change
@@ -69,5 +69,10 @@ in stdenv.mkDerivation rec {
license = licenses.asl20;
maintainers = with maintainers; [ ragge steveej ];
platforms = [ "x86_64-linux" ];
knownVulnerabilities = [
"CVE-2019-10144: processes run with `rkt enter` are given all capabilities during stage 2"
"CVE-2019-10145: processes run with `rkt enter` do not have seccomp filtering during stage 2"
"CVE-2019-10147: processes run with `rkt enter` are not limited by cgroups during stage 2"
];
};
}