-
-
Notifications
You must be signed in to change notification settings - Fork 13.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chromium: 116.0.5845.179 -> 116.0.5845.187 #254702
Conversation
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html This update contains 1 security fix. CVEs: CVE-2023-4863
Successfully created backport PR for |
Note that this might not actually address CVE-2023-4863 since chromium in nixpkgs doesn't use the vendored libwebp, and the fixed libwebp is currently only in staging-next. See #254798 |
After looking a lot into This is by mistake -- yes. But I am just extremely busy right now. |
Could you let me know how you determined this? My grepping of strings from libwebp does not find any matches in chromium, and it's the same method I've used to determine vendoring everywhere else. If it's wrong, that means we potentially have many more false negatives than just chromium!
|
More evidence:
No evidence of C++ code in third_party/libwebp getting built. |
Oh. I should just go to bed. I've meant You are very much right. |
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
This update contains 1 security fix.
CVEs:
CVE-2023-4863
Description of changes
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)