Open FRidh opened 4 years ago
@ckauhaus Vulnix doesn't care about how multiple CVE's are mentioned in the filename, right? As long as it contains them?
Variants A and C are working, B not. We match "CVE-\d+-\d+" for each CVE.
Re the first question: It doesn't matter if there is more than just the CVE number in the patch name.
https://github.com/NixOS/nixpkgs/pull/72290 added a section on submitting security fixes. There are however still open questions or things that should be done: