[Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09
Shea Levy
shea at shealevy.com
Tue Feb 16 16:37:51 CET 2016
Hi all,
I've just merged the patch to fix CVE-2015-7547, a buffer overrun in
glibc with working POC exploit, into master and 15.09. It will take some
time for the channel to update, so please use your judgment as to
whether you want to wait for that or switch to building from git until
it catches up. Please check out pkgs.replaceDependency
(https://github.com/NixOS/nixpkgs/blob/15aa139a1a131b3e34a0b49425d87cffbf93d905/pkgs/build-support/replace-dependency.nix)
for an alternative that won't require a full rebuild in the meantime.
Eelco, Rob, can we do anything to ensure hydra capacity for the
rebuild?
~Shea