New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Update: pythonPackages.python-gnupg: 0.4.3 -> 0.4.4 #54553
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please mention the fixed vuln (+ link) in the commit description.
Sure. Would you like a single squashed commit? |
41cb20c
to
46477a9
Compare
Actually, I think the update and the improvements should be two separate commits so that we can backport only one of them. |
46477a9
to
026ec75
Compare
Done |
@GrahamcOfBorg build python2.pkgs.python-gnupg python3.pkgs.python-gnupg |
Thanks a lot! |
Backported in 119a931. |
Motivation for this change
Fixes CVE-2019-6690
https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)