Closed ckauhaus closed 6 years ago
Imagemagick was fixed by https://github.com/NixOS/nixpkgs/pull/33324
Postgresql was fixed by https://github.com/NixOS/nixpkgs/pull/33300
Meltdown was fixed in 4.9.74 (https://github.com/NixOS/nixpkgs/commit/56f91dcb7b57449e171a05836b714c88e1e56f4b). Latest kernel in the 4.9 series is 4.9.75 (https://github.com/NixOS/nixpkgs/commit/19eb5d6c273d0d31ff4e3e6954d8ff2fc6f3c686).
Taglib was fixed in https://github.com/NixOS/nixpkgs/commit/2e00e2b27667cd2da433996a5c957bb36520aa77
CVE-2017-3738 is considered to be low impact and will be fixed in OpenSSL 1.1.0h.
rsync fixed in 5e85657ba5763b496388b9820519ec99a238f613
Neither OpenJPEG CVE (CVE-2017-17479 & CVE-2017-17480) has upstream patches yet.
CVE-2017-14108 has no patch but is very low severity (DoS on crafted files).
exiv2: https://github.com/Exiv2/exiv2/issues/187 — no upstream patch yet, attempts to debug the problem are ongoing.
Yeah - every issue listed in the ticket has either a fix or some indication of fix (un-)availability. That was really fast. Now it's time for backports.
I forgot to mention I fixed the OpenSSL CVE in https://github.com/NixOS/nixpkgs/pull/33544
nixos-17.09 is EOL
Scanned nixos/release-combined.nix @ f59a0f7. Filtered out previously reported CVEs. May contain false positives.
exiv2-0.26
gedit-3.22.1
imagemagick-6.9.9-26
openjpeg-2.3.0
openssl-1.1.0g
postgresql-9.6.5
rsync-3.1.2
taglib-1.11.1
linux-4.9.73 (added manually for Meltdown)
Cc: @NixOS/security-notifications, @joepie91, @phanimahesh, @the-kenny, @7c6f434c, @k0001, @peterhoeg, @nh2, @LnL7
Contact @ckauhaus for any questions.