Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2fab43b409d8
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: dfb4495f6387
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Jan 10, 2020

  1. firefoxPackages.tor-browser*: mark as vulnerable 

    They both base on firefox versions where support has ended some time
ago. With CVE-2019-17026 (and other vulnerabilities) out and exploited
in the wild, these should not be used anymore. tor-browser-bundle-bin is
a better alternative.
    @flokli
    flokli committed Jan 10, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lsix lsix
    GPG key ID: 02E1542BA66FB047
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    8619936 View commit details

  2. Merge pull request #77456 from flokli/19.09-tor-mark-insecure 

    [19.09] firefoxPackages.tor-browser*: mark as vulnerable
    @flokli
    flokli authored Jan 10, 2020
    Copy the full SHA
    dfb4495 View commit details
Showing with 2 additions and 0 deletions.
  1. +2 −0 pkgs/applications/networking/browsers/firefox/packages.nix
2 changes: 2 additions & 0 deletions pkgs/applications/networking/browsers/firefox/packages.nix
View file
Original file line number Diff line number Diff line change
@@ -261,6 +261,7 @@ in rec {
rev = "95bb92d552876a1f4260edf68fda5faa3eb36ad8";
sha256 = "1ykn3yg4s36g2cpzxbz7s995c33ij8kgyvghx38z4i8siaqxdddy";
};
meta.knownVulnerabilities = [ "Support ended in August 2018." ];
}).override {
gtk3Support = false;
};
@@ -277,6 +278,7 @@ in rec {
rev = "0489ae3158cd8c0e16c2e78b94083d8cbf0209dc";
sha256 = "0y5s7d8pg8ak990dp8d801j9823igaibfhv9hsa79nib5yllifzs";
};
meta.knownVulnerabilities = [ "Support ended around October 2019." ];

patches = [
missing-documentation-patch