Merge pull request #123590 from mweinelt/20.09/rxvt

[20.09] rxvt-unicode: 9.22 -> 9.26; rxvt, mrxvt, eterm: mark with knownVulnerable
NixOS · May 18, 2021 · 33824cd · 33824cd
2 parents dbd7141 + b4322b4
commit 33824cd
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 2 deletions.
diff --git a/pkgs/applications/misc/eterm/default.nix b/pkgs/applications/misc/eterm/default.nix
@@ -22,5 +22,8 @@ stdenv.mkDerivation rec {
     license = licenses.bsd2;
     maintainers = [ maintainers.AndersonTorres ];
     platforms = platforms.linux;
+    knownVulnerabilities = [
+      "Usage of ANSI escape sequences causes unexpected newline-termination, leading to unexpected command execution (https://www.openwall.com/lists/oss-security/2021/05/17/1)"
+    ];
   };
 }
diff --git a/pkgs/applications/misc/mrxvt/default.nix b/pkgs/applications/misc/mrxvt/default.nix
@@ -36,5 +36,8 @@ stdenv.mkDerivation {
     homepage = "https://sourceforge.net/projects/materm";
     license = licenses.gpl2;
     platforms = platforms.linux;
+    knownVulnerabilities = [
+      "Usage of ANSI escape sequences causes unexpected newline-termination, leading to unexpected command execution (https://www.openwall.com/lists/oss-security/2021/05/17/1)"
+    ];
   };
 }
diff --git a/pkgs/applications/misc/rxvt-unicode/default.nix b/pkgs/applications/misc/rxvt-unicode/default.nix
@@ -9,7 +9,7 @@
 
 let
   pname = "rxvt-unicode";
-  version = "9.22";
+  version = "9.26";
   description = "A clone of the well-known terminal emulator rxvt";
 
   desktopItem = makeDesktopItem {
@@ -31,7 +31,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://dist.schmorp.de/rxvt-unicode/Attic/rxvt-unicode-${version}.tar.bz2";
-    sha256 = "1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9";
+    sha256 = "12y9p32q0v7n7rhjla0j2g9d5rj2dmwk20c9yhlssaaxlawiccb4";
   };
 
   buildInputs =

diff --git a/pkgs/applications/misc/rxvt/default.nix b/pkgs/applications/misc/rxvt/default.nix
@@ -35,5 +35,8 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [ AndersonTorres ];
     license = licenses.gpl2;
     platforms = platforms.linux;
+    knownVulnerabilities = [
+      "Usage of ANSI escape sequences causes unexpected newline-termination, leading to unexpected command execution (https://www.openwall.com/lists/oss-security/2021/05/17/1)"
+    ];
   };
 }