Security fixes from 2016-12-02 23:40 UTC

25 views
Skip to first unread message

Graham Christensen

unread,
Dec 2, 2016, 7:00:00 PM12/2/16
to nix-securi...@googlegroups.com

The following issues have been resolved in NixOS in unstable and
release-16.09. They remain potentially vulnerable on older major
releases.

These patches will be released to the unstable and
release-16.09 channels when Hydra finishes building the "tested" job
for each channel:

- https://hydra.nixos.org/job/nixos/release-16.09/tested
- https://hydra.nixos.org/job/nixos/trunk-combined/tested

Please consider helping with the next security roundup by commenting on
https://github.com/NixOS/nixpkgs/issues/20814.


master 16.09 Message Notes
--- --- --- ---
16995fc d573588 boehmgc: 7.2f -> 7.2g n/a
1e17f21 e7fc018 firefox: 50.0.1 -> 50.0.2 n/a
b04e23b bd39c43 firefox: 50.0 -> 5.0.1 for CVE-2016-9078 n/a
2d341ca 3bf46ba firefox-bin: 50.0 -> 50.0.1 n/a
36f980b 22389ae firefox-esr: security 45.5.0 -> 45.5.1 (#20841) n/a
18a3225 15f6c2d linux: 3.12.67 -> 3.12.68 n/a
5afc6b5 0dcdb9b linux: 4.1.35 -> 4.1.36 n/a
cc77360 c9dafb1 linux: 4.4.34 -> 4.4.35 n/a
654f5df 33287d9 linux: 4.4.35 -> 4.4.36 n/a
b47307b 5db1d94 linux: 4.8.10 -> 4.8.11 n/a
853b649 2ddf554 linux: 4.8.11 -> 4.8.12 n/a
a8eeef6 d35e2de lxc: 2.0.4 -> 2.0.6 (security) n/a
a9611a5 3275b2f mcabber: 1.0.3 -> 1.0.4 for 'roster push attack' n/a
0707962 e6fe609 mujs: 2016-09-21 -> 2016-11-30 for multiple CVEs n/a
5b6d52b 7fc197f nagios: 4.0.8 -> 4.2.3 n/a
c77011c a9523ed nagiosPluginsOfficial: 2.0.3 -> 2.1.4 n/a
b221fc1 d564833 nss: 3.27.1 -> 3.27.2 n/a
e700ff6 066166b perl-bignum: 0.43 -> 0.44 n/a
7d09138 d8e8bb4 perlPackages.DBDmysql: 4.033 -> 4.039 n/a
390f6a9 a5ffcd2 Revert "Revert "bzip2: patch for CVE-2016-3189"" n/a
7e40e89 997c6b9 rpcbind: patch for CVE-2015-7236 n/a
f4aab5b 4d15c98 thunderbird: 45.5.0 -> 45.5.1 n/a
5f4b3cd 24cd670 thunderbird-bin: 45.5.0 -> 45.5.1 n/a
eba91fa 8b7a082 tomcat6: 6.0.45 -> 6.0.48 n/a
3d0310d 1a0f5f8 tomcat7: 7.0.72 -> 7.0.73 n/a
42f1ae1 b036ad5 tomcat85: 8.5.5 -> 8.5.8 n/a
80a4750 c67cec2 tomcat8: 8.0.37 -> 8.0.39 n/a
5f78980 00fb14b tomcatUnstable: 9.0.0.M10 -> 9.0.0.M13 n/a
75cdbf4 805022c torbrowser: 6.0.6 -> 6.0.7 n/a
signature.asc
Reply all
Reply to author
Forward
0 new messages