-
-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability roundup 43 (master) #41748
Labels
Comments
This was referenced Jun 9, 2018
I think our libxml2 is okay since we don't build it with xz/lzma support. |
8 tasks
bhipple
added a commit
to bhipple/nixpkgs
that referenced
this issue
Jun 10, 2018
Fixes mupdf issue in NixOS#41748 by applying patch from https://bugs.ghostscript.com/show_bug.cgi?id=699271
xeji
pushed a commit
that referenced
this issue
Jun 10, 2018
…e contains: CVE-2017-9935 CVE-2017-11613 CVE-2017-17095 CVE-2017-18013 CVE-2018-5784 CVE-2018-7456 Re #41748 (master) Re #41749 (release-18.03 - needs to be cherry-picked)
xeji
pushed a commit
that referenced
this issue
Jun 10, 2018
Get libtiff on the same patch level as Debian. The imported patch file contains: CVE-2017-9935 CVE-2017-11613 CVE-2017-17095 CVE-2017-18013 CVE-2018-5784 CVE-2018-7456 Re #41748 (master) Re #41749 (release-18.03 - needs to be cherry-picked) (cherry picked from commit cca45cc)
xeji
pushed a commit
that referenced
this issue
Jun 10, 2018
Fixes mupdf issue in #41748 by applying patch from https://bugs.ghostscript.com/show_bug.cgi?id=699271
vcunat
added a commit
that referenced
this issue
Jun 17, 2018
vorbis CVE-2018-10393: upstream claims that's already fixed in one patch we apply, so I'm just ticking this checkbox |
6 tasks
binutils-2.30 is not used anymore |
jasper-2.0.14 is not used anymore |
lua-5.1.5 / CVE 2014-5461 fixed in 17f5001 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Scanned nixos/release-combined.nix @ 41cdec2. Filtered out previously reported CVEs. May contain false positives.
binutils-2.30 (search, files)
jasper-2.0.14 (search, files)
libtiff-4.0.9 (search, files)
libvorbis-1.3.6 (search, files)
libxml2-2.9.8 (search, files)
lua-5.1.5 (search, files)
mupdf-1.13.0 (search, files)
qpdf-8.0.2 (search, files)
Cc: @joepie91, @phanimahesh, @the-kenny, @7c6f434c, @k0001, @peterhoeg, @nh2, @LnL7, @grahamc, @adisbladis, @fpletz, @vcunat
Contact @ckauhaus for any questions.
The text was updated successfully, but these errors were encountered: