zziplib: 0.13.67 -> 0.13.68 (9f6a942f) · Commits · jan / nixpkgs

Commit 9f6a942f authored Feb 23, 2018 by

Florian Klink

zziplib: 0.13.67 -> 0.13.68

Bump zziplib to 0.13.68 to fix multiple CVE issues:

 - CVE-2018-6381
 (https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598)
 - CVE-2018-6484
 (https://github.com/gdraheim/zziplib/issues/14#issuecomment-363198084)
 - CVE-2018-6540
 (https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07)
 - CVE-2018-6541
 (https://github.com/gdraheim/zziplib/issues/16#issuecomment-363197718)
 - CVE-2018-6542
 (https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e)

Unfortunately, getting only those patches is hard, as they're not well
referenced to linked issues. The testsuite checking for vulns
requires network access (so we can't easily test it here).

https://github.com/gdraheim/zziplib/issues/20 might still be an issue,
so keeping this as a TODO here.

parent ee16feed

Hide whitespace changes

Inline Side-by-side

Please register or to comment