3.2.2 for unspecified vulnera...

Graham Christensen Wed, 23 Nov 2016 20:24:44 -0800

  Branch: refs/heads/roundup-10
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 91187028984eaf0bd3b2b23c3c988466b2885f26
      
https://github.com/NixOS/nixpkgs/commit/91187028984eaf0bd3b2b23c3c988466b2885f26
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)


  Changed paths:
    M pkgs/development/libraries/libarchive/default.nix

  Log Message:
  -----------
  libarchive: 3.2.1 -> 3.2.2 for unspecified vulnerabilities

The release notes don't cover anything in particular:

https://github.com/libarchive/libarchive/blob/ba3dec4495496280226a463b3270a60c8864a4f1/NEWS#L3


  Commit: 4a5c66135a4b2abb03a788db47601a02a886904b
      
https://github.com/NixOS/nixpkgs/commit/4a5c66135a4b2abb03a788db47601a02a886904b
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/games/gnuchess/default.nix

  Log Message:
  -----------
  gnuchess: 6.2.3 -> 6.2.4 for CVEs

CVE-2015-8972: stack buffer overflow related to user move input, where 160 
characters of input can crash gnuchess


  Commit: a3b746851f9ac55bbbd28b031259c84bda1ca864
      
https://github.com/NixOS/nixpkgs/commit/a3b746851f9ac55bbbd28b031259c84bda1ca864
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/applications/networking/browsers/w3m/default.nix

  Log Message:
  -----------
  w3m: 0.5.3-2015-12-20 -> 0.5.3+git20161120 for many CVEs

https://github.com/tats/w3m/blob/c94a28011f0cb8bcef4229f3f787ae04ee3fcf3e/NEWS\#L1-L52


  Commit: 336bacfa1d66eb1635ec72ba81faeb1c81938c80
      
https://github.com/NixOS/nixpkgs/commit/336bacfa1d66eb1635ec72ba81faeb1c81938c80
  Author: Franz Pletz <fpl...@fnordicwalking.de>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  -----------
  qemu: add patch to fix CVE-2016-7907

cc #20647


  Commit: 9de6029cc67dd19e2e99eb188a7c81d744df8a3d
      
https://github.com/NixOS/nixpkgs/commit/9de6029cc67dd19e2e99eb188a7c81d744df8a3d
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/development/libraries/libtiff/default.nix

  Log Message:
  -----------
  libtiff: 4.0.6 -> 4.0.7 for many CVEs

This release includes all our previous CVE patches, and suggets new ones:

 - CVE-2016-3945
 - CVE-2016-3990
 - CVE-2016-3991
 - CVE-2016-3622
 - CVE-2016-9453
 - CVE-2016-8127 (duplicate of CVE-2016-3658)
 - CVE-2016-9297
 - CVE-2016-9448


  Commit: c823eaec0a210348b03fd3e8a51d53592fc3d4be
      
https://github.com/NixOS/nixpkgs/commit/c823eaec0a210348b03fd3e8a51d53592fc3d4be
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/applications/graphics/graphicsmagick/default.nix

  Log Message:
  -----------
  graphicsmagick: Update URLs for patches


Compare: https://github.com/NixOS/nixpkgs/compare/8c977d83004f...c823eaec0a21

_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/nixpkgs] 911870: libarchive: 3.2.1 -> 3.2.2 for unspecified vulnera...

Reply via email to