[Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

Shea Levy shea at shealevy.com
Tue Feb 16 16:58:53 CET 2016


There was an error with the patch, we're cooking up a fix now.

On 2016-02-16 10:37, Shea Levy wrote:
> Hi all,
>
> I've just merged the patch to fix CVE-2015-7547, a buffer overrun in
> glibc with working POC exploit, into master and 15.09. It will take some
> time for the channel to update, so please use your judgment as to
> whether you want to wait for that or switch to building from git until
> it catches up. Please check out pkgs.replaceDependency
> (https://github.com/NixOS/nixpkgs/blob/15aa139a1a131b3e34a0b49425d87cffbf93d905/pkgs/build-support/replace-dependency.nix)
> for an alternative that won't require a full rebuild in the mean time.
>
> Eelco, Rob, can we do anything to ensure hydra capacity for the
> rebuild?
>
> ~Shea