zziplib: CVE-2018-17828 #63189

Closed
@mmahut mmahut commented Jun 16, 2019

Motivation for this change

Fixes #61961.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@vcunat vcunat left a comment

I pushed a modified version as 3aa8f94. Problems:

  • fetchpatch changes the patch, so the hash from nix-prefetch-url (or where you took it) can't be used
  • naming after the CVE is a good practice, as e.g. the roundup tool relies on that for detection

@vcunat vcunat closed this in 3aa8f94 Jun 16, 2019
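
The first point in the review above, as an added example that is not part of this PR or of nixpkgs: fetchpatch normalizes a downloaded patch before hashing it, while nix-prefetch-url hashes the raw download, so the two hashes cannot match. The patch text is constructed, and `normalize` is a simplified stand-in for the real normalization (an assumption, not fetchpatch's code).

```python
import hashlib

# Constructed sample (file name and contents are made up): one fix in
# `git format-patch` style, with the volatile metadata as placeholders.
TEMPLATE = """\
From COMMIT Mon Sep 17 00:00:00 2001
From: Example Dev <dev@example.invalid>
Subject: [PATCH] reject absolute paths

---
diff --git a/src/unpack.c b/src/unpack.c
index BLOBS 100644
--- a/src/unpack.c
+++ b/src/unpack.c
@@ -1,3 +1,4 @@
 int unpack(const char *name)
 {
+    if (name[0] == '/') return -1;
     return 0;
"""


def download(commit: str, blobs: str) -> str:
    """Render the sample as one concrete download of the patch."""
    return TEMPLATE.replace("COMMIT", commit).replace("BLOBS", blobs)


# The same fix fetched twice: the commit id and the abbreviation length of
# the blob ids differ, the change itself does not.
RAW_A = download("1" * 40, "1a2b3c4..5d6e7f8")
RAW_B = download("2" * 40, "1a2b3c4d9..5d6e7f8a0")


def normalize(patch: str) -> str:
    """Simplified stand-in (assumption): drop everything before the first
    diff header and drop the git `index` lines."""
    lines = patch.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("diff --git "))
    return "\n".join(l for l in lines[start:] if not l.startswith("index ")) + "\n"


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def compare(a: str, b: str) -> dict:
    """Report which hash comparisons hold for two downloads of one fix."""
    return {
        "raw_equal": sha256_hex(a) == sha256_hex(b),
        "normalized_equal": sha256_hex(normalize(a)) == sha256_hex(normalize(b)),
        "raw_matches_normalized": sha256_hex(a) == sha256_hex(normalize(a)),
    }
```

The pinned hash therefore has to be computed over the normalized output, which is also what keeps it stable when the upstream host regenerates the patch.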
mmahut commented Jun 16, 2019

@vcunat thank you so much for your review! I will know for the next time :)

vcunat commented Jun 16, 2019

Thanks ;-)

Successfully merging this pull request may close these issues.

Vulnerability roundup 68: zziplib-0.13.69: 1 advisory