Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[19.09] opensmtpd: mark as insecure due to CVE-2020-8794 / #80978 #82765

Merged
merged 2 commits into from Mar 17, 2020

Conversation

@obadz
Copy link
Contributor

@obadz obadz commented Mar 17, 2020

Security critical fix #80978 was never backported to 19.09. This marks the package as vulnerable.

@obadz obadz changed the title opensmtpd: mark as insecure due to CVE-2020-8794 / #80978 [19.09] opensmtpd: mark as insecure due to CVE-2020-8794 / #80978 Mar 17, 2020
pkgs/servers/mail/opensmtpd/default.nix Outdated Show resolved Hide resolved
@Mic92
Copy link
Member

@Mic92 Mic92 commented Mar 17, 2020

Is backporting #80978 not an option?

Co-Authored-By: Alyssa Ross <hi@alyssa.is>
@obadz
Copy link
Contributor Author

@obadz obadz commented Mar 17, 2020

@Mic92, I don't know if someone else wants to do it (I can't take that on myself at the moment). But after 3 weeks with a remote RCE, I think leaving as is should not be an option :-(

@alyssais alyssais merged commit 4f69f2c into NixOS:release-19.09 Mar 17, 2020
15 checks passed
@alyssais
Copy link
Member

@alyssais alyssais commented Mar 17, 2020

If somebody wants to backport, they can do so and revert this.

@Mic92
Copy link
Member

@Mic92 Mic92 commented Mar 17, 2020

This backports opensmtpd to 19.09: #82775

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants