Vulnerability roundup 76: NixOS 19.09 edition

ckauhaus · September 30, 2019, 8:20pm

In the latest vulnerability roundup I started to include NixOS 19.09. Initially the whitelist is empty–this means that all advisories reported by vulnix are included (again). Some have already been classified before as false positives. Others may have not been actionable when first reported but things have changed since then.

So I decided to submit all advisories (tickets #70082 till #70135). I need some help triaging all of them. My bet is that 50% can be closed without action…

Ticket list: https://github.com/NixOS/nixpkgs/issues?utf8=✓&q=is%3Aissue+is%3Aopen+"Vulnerability+roundup+76"

delroth · October 2, 2019, 10:05am

I’ve done a bit of triaging already, so far way more than 50% need action but maybe I was just unlucky

If you file PRs for any of these please make sure to cross-reference the GitHub issue so we can avoid duplicate work!

ryantm · April 4, 2020, 2:22am

A post was split to a new topic: How long are security updates ported to 19.09?