Skip to content

C-ares: Fix for CVE-2017-1000381 #27558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 22, 2017
Merged

C-ares: Fix for CVE-2017-1000381 #27558

merged 1 commit into from
Jul 22, 2017
+2 −2

Conversation

adisbladis
Copy link
Member

Motivation for this change

C-ares: Fix for CVE-2017-1000381

Causes quite a large rebuild

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@adisbladis
c-ares: 1.12.0 -> 1.13.0 for CVE-2017-1000381

Verified

This commit was signed with the committer’s verified signature. The key has expired.
erictapen Kerstin
GPG key ID: 5F24E3BD56617EB2
Expired
Verified
Learn about vigilant mode
66976bc
@mention-bot
Copy link

@adisbladis, thanks for your PR! By analyzing the history of the files in this pull request, we identified @grahamc and @wkennington to be potential reviewers.

@joachifm joachifm added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Jul 22, 2017
@grahamc grahamc merged commit 8e94557 into NixOS:master Jul 22, 2017
@grahamc
Copy link
Member

grahamc commented Jul 22, 2017

Thank you for the PR! Applied to 17.03: 0c1c07e

@FRidh
Copy link
Member

FRidh commented Jul 22, 2017

Unfortunately staging is currently broken but otherwise this should have gone through staging (>13000 rebuilds although some may be from 2fb3cc1).

@grahamc
Copy link
Member

grahamc commented Jul 22, 2017

I've always skipped staging for mass-rebuild inducing security patches when the issue is scored medium-or-above, especially when access complexity is low / no user interaction is needed. I'd be happy to reevaluate this personal policy (or maybe even document it somewhere other than right here :P) if you believe I shouldn't do that.

@FRidh
Copy link
Member

FRidh commented Jul 22, 2017

Perhaps it would be good to have a discussion on this topic some time. What I wrote is also more of my own policy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@adisbladis @mention-bot @grahamc @FRidh @joachifm