Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

clightning: 0.6.1 -> 0.6.3 (security, 18.09 backport) #54001

Merged
merged 1 commit into from
Jan 16, 2019

Conversation

jb55
Copy link
Contributor

@jb55 jb55 commented Jan 15, 2019

Versions before 0.6.3 have a potential coin-stealing DoS vulnerability.

Please upgrade!

backported from commits:

ca67e65 0.6.2 -> 0.6.3
b0fbc9ed40738176b1539009bcae88f5f63b8eab split native build inputs
3c1d711 0.6.1 -> 0.6.2

Signed-off-by: William Casarin jb55@jb55.com

Motivation for this change

Security vulnerability

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Versions before 0.6.3 have a potential coin-stealing DoS vulnerability.

Please upgrade!

backported from commits:

ca67e65 0.6.2 -> 0.6.3
b0fbc9ed40738176b1539009bcae88f5f63b8eab split native build inputs
3c1d711 0.6.1 -> 0.6.2

Signed-off-by: William Casarin <jb55@jb55.com>
@jb55 jb55 mentioned this pull request Jan 15, 2019
10 tasks
@GrahamcOfBorg GrahamcOfBorg added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild 10.rebuild-linux: 1-10 labels Jan 15, 2019
@Mic92 Mic92 merged commit d64b173 into NixOS:release-18.09 Jan 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
10.rebuild-darwin: 0 This PR does not cause any packages to rebuild 10.rebuild-linux: 1-10
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants