[Nix-dev] CVE-2015-7547 stdenv-changing fix merged on master and 15.09

Shea Levy shea at shealevy.com
Tue Feb 16 17:36:12 CET 2016


Fixed patch pushed to master, 15.09, and 14.12.

On 2016-02-16 10:58, Shea Levy wrote:
> There was an error with the patch; we're cooking up a fix now.
>
> On 2016-02-16 10:37, Shea Levy wrote:
>> Hi all,
>>
>> I've just merged the patch to fix CVE-2015-7547, a buffer overrun in
>> glibc with working POC exploit, into master and 15.09. It will take some
>> time for the channel to update, so please use your judgment as to
>> whether you want to wait for that or switch to building from git until
>> it catches up. Please check out pkgs.replaceDependency
>> (https://github.com/NixOS/nixpkgs/blob/15aa139a1a131b3e34a0b49425d87cffbf93d905/pkgs/build-support/replace-dependency.nix)
>> for an alternative that won't require a full rebuild in the mean time.
>>
>> Eelco, Rob, can we do anything to ensure hydra capacity for the rebuild?
>>
>> ~Shea
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev


