[Nix-commits] [NixOS/nixpkgs] 2292d8: graphicsmagick: Update URLs for patches

Wed, 23 Nov 2016 20:29:49 -0800 

  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 2292d8548e6935021980ccfeb9d91e76a453e16d
      
https://github.com/NixOS/nixpkgs/commit/2292d8548e6935021980ccfeb9d91e76a453e16d
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/applications/graphics/graphicsmagick/default.nix

  Log Message:
  -----------
  graphicsmagick: Update URLs for patches

(cherry picked from commit c823eaec0a210348b03fd3e8a51d53592fc3d4be)


  Commit: ee38d133bc35f9d92397165751e65ec1304a81c8
      
https://github.com/NixOS/nixpkgs/commit/ee38d133bc35f9d92397165751e65ec1304a81c8
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/development/libraries/libtiff/default.nix

  Log Message:
  -----------
  libtiff: 4.0.6 -> 4.0.7 for many CVEs

This release includes all our previous CVE patches, and suggets new ones:

 - CVE-2016-3945
 - CVE-2016-3990
 - CVE-2016-3991
 - CVE-2016-3622
 - CVE-2016-9453
 - CVE-2016-8127 (duplicate of CVE-2016-3658)
 - CVE-2016-9297
 - CVE-2016-9448

(cherry picked from commit 9de6029cc67dd19e2e99eb188a7c81d744df8a3d)


  Commit: 386c9803e221a511ead8a8a7fb13c2093fb03d4a
      
https://github.com/NixOS/nixpkgs/commit/386c9803e221a511ead8a8a7fb13c2093fb03d4a
  Author: Franz Pletz <fpl...@fnordicwalking.de>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  -----------
  qemu: add patch to fix CVE-2016-7907

cc #20647

(cherry picked from commit 336bacfa1d66eb1635ec72ba81faeb1c81938c80)


  Commit: 27c390f78926d8ed465dea63589177a9722aa627
      
https://github.com/NixOS/nixpkgs/commit/27c390f78926d8ed465dea63589177a9722aa627
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/applications/networking/browsers/w3m/default.nix

  Log Message:
  -----------
  w3m: 0.5.3-2015-12-20 -> 0.5.3+git20161120 for many CVEs

https://github.com/tats/w3m/blob/c94a28011f0cb8bcef4229f3f787ae04ee3fcf3e/NEWS\#L1-L52
(cherry picked from commit a3b746851f9ac55bbbd28b031259c84bda1ca864)


  Commit: 1980c26c03e01de035c6b123bc941f8600a29756
      
https://github.com/NixOS/nixpkgs/commit/1980c26c03e01de035c6b123bc941f8600a29756
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/games/gnuchess/default.nix

  Log Message:
  -----------
  gnuchess: 6.2.3 -> 6.2.4 for CVEs

CVE-2015-8972: stack buffer overflow related to user move input, where 160 
characters of input can crash gnuchess
(cherry picked from commit 4a5c66135a4b2abb03a788db47601a02a886904b)


  Commit: 5f69faa2694c1a923fb2574240139c07f3870d01
      
https://github.com/NixOS/nixpkgs/commit/5f69faa2694c1a923fb2574240139c07f3870d01
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2016-11-23 (Wed, 23 Nov 2016)

  Changed paths:
    M pkgs/development/libraries/libarchive/default.nix

  Log Message:
  -----------
  libarchive: 3.2.1 -> 3.2.2 for unspecified vulnerabilities

The release notes don't cover anything in particular:

https://github.com/libarchive/libarchive/blob/ba3dec4495496280226a463b3270a60c8864a4f1/NEWS#L3
(cherry picked from commit 91187028984eaf0bd3b2b23c3c988466b2885f26)


Compare: https://github.com/NixOS/nixpkgs/compare/728a9578e31a...5f69faa2694c
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

Reply via email to