Thanks Graham. I pushed the Exim updates for CVE-2016-9963 as well.

master: 352e167c224: exim: 4.87 -> 4.88 for CVE-2016-9963
release-16.09: d6bff30c96ed6: exim: 4.87 -> 4.87.1 for CVE-2016-9963

The release branch only got the tiny update to avoid breaking backward-compatibility.

On Fri, 23 Dec 2016 at 01:28 Graham Christensen <[email protected]> wrote:
>
> New format! If you have feedback on formatting, or extra information you
> would like to see here, please either mail the nix-dev mailing list, me
> personally, or open an issue at https://github.com/nixos/security.
>
> Additionally: Channels are now moving forward and 16.09 users with
> LetsEncrypt should be working after updating your channels and
> rebuilding.
>
> This mail was sent to the nix-dev list as well for the previous two
> issues.
>
> Standard email follows:
>
> The following issues have been resolved in NixOS in release-16.09 and
> unstable. They remain potentially vulnerable on older major
> releases.
>
> These patches will be released to the unstable and
> release-16.09 channels when Hydra finishes building the "tested" job
> for each channel:
>
> - https://hydra.nixos.org/job/nixos/release-16.09/tested
> - https://hydra.nixos.org/job/nixos/trunk-combined/tested
>
> Please consider helping with the next security roundup by commenting on
> LATEST_ROUNDUP_URL.
>
> The following changes were applied to release-16.09:
>
> af9b4c6 libtorrentRasterbar_1_0: 1.0.9 -> 1.0.10
>     Fixes potential crash on invalid input to the http parser
>     and a division-by-zero bug in the super seeding logic.
>
> 831571c keepass: 2.33 -> 2.34
>     Recommended update from upstream. Release notes:
>     http://keepass.info/news/n160611_2.34.html
>
> d3e9fc6 linux:3.12.68 -> 3.12.69
>     All kernel patches are considered security-sensitive.
>
> 6cef2f2 linux:3.18.44 -> 3.18.45
>     All kernel patches are considered security-sensitive.
>
> bd9eba2 zlib: patch for CVE-2016-9840, CVE-2016-9841, CVE-9842, CV..
>     CVE-2016-9840
>     CVE-2016-9841
>     CVE-2016-9842
>     CVE-2016-9843
>
> 4e6223c pythonPackages.bottle: 0.12.9 -> 0.12.11 for CVE-2016-9964
>     CVE-2016-9964
>
> b5de7ef xen: patch for many XSAs
>     XSA-190
>     XSA-191
>     XSA-192
>     XSA-193
>     XSA-195
>     XSA-196
>     XSA-198
>     XSA-200
>     XSA_202
>     XSA-204
>
> d3934be openjpeg2: patch for CVE-2016-9580, and CVE-2016-9581
>     CVE-2016-9580
>     CVE-2016-9581
>
> 142b303 libupnp: 1.6.20 -> 1.6.21 for CVE-2016-8863
>     CVE-2016-8863
>
> 490a23e nagios: 4.2.3 -> 4.2.4 for CVE-2016-9566
>     CVE-2016-9566
>
> 6c97c1c tomcatUnstable: 9.0.0.M13 -> 9.0.0.M15 for CVE-2016-9774, ..
>     CVE-2016-9774
>     CVE-2016-9775
>
> 2ab18b7 tomcat85: 8.5.8 -> 8.5.9 for CVE-2016-9774, CVE-2016-9775
>     CVE-2016-9774
>     CVE-2016-9775
>
> 78b5267 game-music-emu: 0.6.0 -> 0.6.1 for multiple CVEs
>     CVE-2016-9957
>     CVE-2016-9958
>     CVE-2016-9959
>     CVE-2016-9960
>     CVE-2016-9961
>
> b2e80a5 samba4: 4.3.11 -> 4.3.13
>     CVE-2016-2123
>     CVE-2016-2125
>     CVE-2016-2126
>
> eaf6fc8 tor: 0.2.8.10 -> 0.2.8.12
>     CVE-2016-1254
>
> b5edcfc squid: 3.5.19 -> 3.5.23
>     CVE-2016-10002
>     CVE-2016-10003
>
> ======================================================================
>
> The following changes were applied to unstable:
>
> 3ffb5ba linux:3.18.44 -> 3.18.45
>     All kernel patches are considered security-sensitive.
>
> 53e2152 linux:3.12.68 -> 3.12.69
>     All kernel patches are considered security-sensitive.
>
> ecc7b33 pythonPackages.bottle: 0.12.9 -> 0.12.11 for CVE-2016-9964
>     CVE-2016-9964
>
> 4e6c7fa xen: patch for many XSAs
>     XSA-190
>     XSA-191
>     XSA-192
>     XSA-193
>     XSA-195
>     XSA-196
>     XSA-198
>     XSA-200
>     XSA_202
>     XSA-204
>
> c7a2073 openjpeg2: patch for CVE-2016-9580, and CVE-2016-9581
>     CVE-2016-9580
>     CVE-2016-9581
>
> 0d3f0f0 libupnp: 1.6.20 -> 1.6.21 for CVE-2016-8863
>     CVE-2016-8863
>
> 2f17c36 nagios: 4.2.3 -> 4.2.4 for CVE-2016-9566
>     CVE-2016-9566
>
> 72faac9 tomcatUnstable: 9.0.0.M13 -> 9.0.0.M15 for CVE-2016-9774, ..
>     CVE-2016-9774
>     CVE-2016-9775
>
> a528c04 tomcat85: 8.5.8 -> 8.5.9 for CVE-2016-9774, CVE-2016-9775
>     CVE-2016-9774
>     CVE-2016-9775
>
> 2c24ce5 game-music-emu: 0.6.0 -> 0.6.1 for multiple CVEs
>     CVE-2016-9957
>     CVE-2016-9958
>     CVE-2016-9959
>     CVE-2016-9960
>     CVE-2016-9961
>
> 3e92b56 tor: 0.2.8.10 -> 0.2.8.12
>     CVE-2016-1254
>
> 4b67968 squid: 3.5.19 -> 3.5.23
>     CVE-2016-10002
>     CVE-2016-10003
>
> Thank you very much,
> Graham Christensen
> NixOS Security Team
> https://github.com/nixos/security
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
