Skip to content

Nixos Vulnerability Patch Rollup: #10 #20668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 24, 2016
Merged

Nixos Vulnerability Patch Rollup: #10 #20668

merged 6 commits into from
Nov 24, 2016
+22 −60

Conversation

grahamc
Copy link
Member

@grahamc grahamc commented Nov 24, 2016

Motivation for this change

Roll-up all changes in to one merge to prevent multiple mass rebuilds.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

re: #20647

Sorry, something went wrong.

@grahamc grahamc added 1.severity: security Issues which raise a security issue, or PRs that fix one 2.status: work-in-progress This PR isn't done 9.needs: port to stable A PR needs a backport to the stable release. labels Nov 24, 2016
@mention-bot
Copy link

@grahamc, thanks for your PR! By analyzing the history of the files in this pull request, we identified @fpletz, @edolstra and @aneeshusa to be potential reviewers.

@grahamc grahamc mentioned this pull request Nov 24, 2016
Closed
34 tasks
@grahamc grahamc removed the 2.status: work-in-progress This PR isn't done label Nov 24, 2016
grahamc and others added 6 commits November 23, 2016 23:23
@grahamc
libarchive: 3.2.1 -> 3.2.2 for unspecified vulnerabilities

Verified

This commit was signed with the committer’s verified signature. The key has expired.
grahamc Graham Christensen
GPG key ID: ACA1C1D120C83D5C
Expired
Verified
Learn about vigilant mode
9118702 
The release notes don't cover anything in particular:

https://github.com/libarchive/libarchive/blob/ba3dec4495496280226a463b3270a60c8864a4f1/NEWS#L3
@grahamc
gnuchess: 6.2.3 -> 6.2.4 for CVEs

Verified

This commit was signed with the committer’s verified signature. The key has expired.
grahamc Graham Christensen
GPG key ID: ACA1C1D120C83D5C
Expired
Verified
Learn about vigilant mode
4a5c661 
CVE-2015-8972: stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess
@grahamc
w3m: 0.5.3-2015-12-20 -> 0.5.3+git20161120 for many CVEs

Verified

This commit was signed with the committer’s verified signature. The key has expired.
grahamc Graham Christensen
GPG key ID: ACA1C1D120C83D5C
Expired
Verified
Learn about vigilant mode
a3b7468 
https://github.com/tats/w3m/blob/c94a28011f0cb8bcef4229f3f787ae04ee3fcf3e/NEWS\#L1-L52
@fpletz @grahamc
qemu: add patch to fix CVE-2016-7907

Verified

This commit was signed with the committer’s verified signature. The key has expired.
grahamc Graham Christensen
GPG key ID: ACA1C1D120C83D5C
Expired
Verified
Learn about vigilant mode
336bacf 
cc #20647
@grahamc
libtiff: 4.0.6 -> 4.0.7 for many CVEs

Verified

This commit was signed with the committer’s verified signature. The key has expired.
grahamc Graham Christensen
GPG key ID: ACA1C1D120C83D5C
Expired
Verified
Learn about vigilant mode
9de6029 
This release includes all our previous CVE patches, and suggets new ones:

 - CVE-2016-3945
 - CVE-2016-3990
 - CVE-2016-3991
 - CVE-2016-3622
 - CVE-2016-9453
 - CVE-2016-8127 (duplicate of CVE-2016-3658)
 - CVE-2016-9297
 - CVE-2016-9448
@grahamc
graphicsmagick: Update URLs for patches

Verified

This commit was signed with the committer’s verified signature. The key has expired.
grahamc Graham Christensen
GPG key ID: ACA1C1D120C83D5C
Expired
Verified
Learn about vigilant mode
c823eae
@grahamc grahamc merged commit c823eae into master Nov 24, 2016
@grahamc grahamc deleted the roundup-10 branch November 24, 2016 04:33
@samueldr samueldr removed the 9.needs: port to stable A PR needs a backport to the stable release. label Apr 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@grahamc @mention-bot @samueldr @fpletz