-
-
Notifications
You must be signed in to change notification settings - Fork 14k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[22.05] liblouis: apply patch for CVE-2022-26981 #178230
[22.05] liblouis: apply patch for CVE-2022-26981 #178230
Conversation
For reference, fixed in master here #177570 |
Confirmed this fixes the poc for me on linux x86_64. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nixpkgs-review
happy, macos 10.15 & nixos x86_64. Builds, linux aarch64.
Backport failed for Please cherry-pick the changes locally. git fetch origin release-21.11
git worktree add -d .worktree/backport-178230-to-release-21.11 origin/release-21.11
cd .worktree/backport-178230-to-release-21.11
git checkout -b backport-178230-to-release-21.11
ancref=$(git merge-base 3b0a83ac96ea540a857197e5d7f933ffda909a16 a4f5b169f1e40aba9fd2eedcc6ebba3e9f90645e)
git cherry-pick -x $ancref..a4f5b169f1e40aba9fd2eedcc6ebba3e9f90645e |
Expected. I'll do it. |
Hmmmmmm the commit right after it looks pretty critical too TBH liblouis/liblouis@2e4772b |
I wish people were consistent in declaring CVEs. |
Fixes: CVE-2022-26981
Refs:
liblouis/liblouis#1185
GHSA-xrp8-mw8v-p6mq
https://nvd.nist.gov/vuln/detail/CVE-2022-26981
Things done