Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

curl: 7.56.1 -> 7.57.0 #32161

Merged
merged 1 commit into from
Nov 29, 2017
Merged

curl: 7.56.1 -> 7.57.0 #32161

merged 1 commit into from
Nov 29, 2017

Conversation

adisbladis
Copy link
Member

Motivation for this change

Fixes CVEs:
CVE-2017-8816
CVE-2017-8817
CVE-2017-8818

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@adisbladis adisbladis added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Nov 29, 2017
@adisbladis adisbladis mentioned this pull request Nov 29, 2017
8 tasks
@orivej orivej added the 9.needs: port to stable A PR needs a backport to the stable release. label Nov 29, 2017
@orivej orivej merged commit 0e4edca into NixOS:staging Nov 29, 2017
@orivej
Copy link
Contributor

orivej commented Nov 29, 2017

@vcunat Could you take this into release-17.09 when you see fit?

@GrahamcOfBorg GrahamcOfBorg added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild 10.rebuild-linux: 0 This PR does not cause any packages to rebuild and removed 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+ labels Nov 29, 2017
vcunat pushed a commit that referenced this pull request Nov 29, 2017
(cherry picked from commit 0e4edca)
It fixes three CVEs.
@samueldr samueldr removed the 9.needs: port to stable A PR needs a backport to the stable release. label Apr 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild 10.rebuild-linux: 0 This PR does not cause any packages to rebuild
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants