Hello Nix devs,

This past roundup has been especially exhausting, and I'm hoping I can get a bit of assistance before the next one opens up.

Here are four packages that I would like some help with. Some of them may be tricky, some of them may be very easy. I'm not sure... but I'm tired of looking at them. :(

Here is the roundup for discussion: https://github.com/NixOS/nixpkgs/issues/22342

Thank you in advance,
Graham Christensen

389-ds-base: denial of service
------------------------------
LWN Link: https://lwn.net/Vulnerabilities/713059/

Unstable: 1.3.5.15
https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/ldap/389/default.nix

Stable: 1.3.3.9
https://github.com/NixOS/nixpkgs/blob/release-16.09/pkgs/servers/ldap/389/default.nix

- Is upgrading stable from 1.3.5.15 to 1.3.3.9 safe?
- Can we find patches to address the issue at hand?

jbig2dec: denial of service
---------------------------
LWN Link: https://lwn.net/Vulnerabilities/713054/
(it says Ghostscript, but I believe it to only be affecting the jbig2dec package.)

Unstable: 0.11
https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/jbig2dec/default.nix

Stable: 0.11
https://github.com/NixOS/nixpkgs/blob/release-16.09/pkgs/development/libraries/jbig2dec/default.nix

- 0.13 isn't officially released yet; however, Debian is using it in some versions.
- Are there patches available?
- Should we go to 0.13 on unstable? What about stable?

ming: multiple vulnerabilities
------------------------------
LWN Link: https://lwn.net/Vulnerabilities/712664/

Unstable: 0.4.7
https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/ming/default.nix

Stable: 0.4.7
https://github.com/NixOS/nixpkgs/blob/release-16.09/pkgs/development/libraries/ming/default.nix

- Generally unsure about this one or where to find a patch.
- Perhaps easy to do.

nagios: command execution
-------------------------
LWN Link: https://lwn.net/Vulnerabilities/713145/

Unstable: 4.2.4
https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/monitoring/nagios/default.nix

Stable: 4.2.4
https://github.com/NixOS/nixpkgs/blob/release-16.09/pkgs/servers/monitoring/nagios/default.nix

- Perhaps not applicable, as our version is fairly up to date.
- Needs triage...