Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[staging-22.11] curl: backport 8.1.0 security fixes #232535

Merged
merged 1 commit into from
May 20, 2023
Merged

[staging-22.11] curl: backport 8.1.0 security fixes #232535

merged 1 commit into from
May 20, 2023

Conversation

mweinelt
Copy link
Member

https://curl.se/docs/CVE-2023-28320.html
https://curl.se/docs/CVE-2023-28321.html
https://curl.se/docs/CVE-2023-28322.html

Fixes: CVE-2023-28320, CVE-2023-28321, CVE-2023-28322

Related: #232531

Description of changes
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@mweinelt mweinelt added the 1.severity: security Issues which raise a security issue, or PRs that fix one label May 18, 2023
@mweinelt mweinelt changed the title curl: backport 8.1.0 security fixes [staging-22.11] curl: backport 8.1.0 security fixes May 18, 2023
@ofborg ofborg bot added the 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild label May 18, 2023
@ofborg ofborg bot requested a review from lovek323 May 18, 2023 02:30
@vcunat vcunat merged commit 7de14f3 into NixOS:staging-22.11 May 20, 2023
@mweinelt mweinelt deleted the 22.11/curl-8.1.0-fixes branch May 20, 2023 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lovek323 lovek323 Awaiting requested review from lovek323

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mweinelt @vcunat