mirror of
https://github.com/ryantm/nixpkgs-update.git
synced 2024-09-11 05:45:45 +03:00
38 lines
1.6 KiB
Org Mode
38 lines
1.6 KiB
Org Mode
* Issues
|
|
** https://github.com/NixOS/nixpkgs/pull/74184#issuecomment-565891652
|
|
* Fixed
|
|
** uzbl: 0.9.0 -> 0.9.1
|
|
- [[https://nvd.nist.gov/vuln/detail/CVE-2010-0011][CVE-2010-0011]]
|
|
- [[https://nvd.nist.gov/vuln/detail/CVE-2010-2809][CVE-2010-2809]]
|
|
|
|
Both CVEs refer to matchers that are date based releases, but the
|
|
author of the library switched to normal version numbering after
|
|
that, so these CVEs are reported as relevant even though they are
|
|
not.
|
|
** terraform: 0.12.7 -> 0.12.9
|
|
- [[https://nvd.nist.gov/vuln/detail/CVE-2018-9057][CVE-2018-9057]]
|
|
|
|
https://nvd.nist.gov/products/cpe/detail/492339?keyword=cpe:2.3:a:hashicorp:terraform:1.12.0:*:*:*:*:aws:*:*&status=FINAL,DEPRECATED&orderBy=CPEURI&namingFormat=2.3
|
|
|
|
CVE only applies to terraform-providers-aws, but you can only tell that by looking at the "Target Software" part.
|
|
** tor: 0.4.1.5 -> 0.4.1.6
|
|
https://nvd.nist.gov/vuln/detail/CVE-2017-16541
|
|
|
|
the CPE mistakenly uses tor for the product id when the product id should be torbrowser
|
|
** arena: 1.1 -> 1.06
|
|
- [[https://nvd.nist.gov/vuln/detail/CVE-2018-8843][CVE-2018-8843]]
|
|
- [[https://nvd.nist.gov/vuln/detail/CVE-2019-15567][CVE-2019-15567]]
|
|
|
|
Not rockwellautomation:arena
|
|
Not openforis:arena
|
|
** thrift
|
|
Apache Thrift vs Facebook Thrift
|
|
** go: 1.13.3 -> 1.13.4
|
|
https://github.com/NixOS/nixpkgs/pull/72516
|
|
|
|
Looks like maybe go used to use dates for versions and now uses
|
|
regular versions
|
|
** kanboard: 1.2.11 -> 1.2.12
|
|
https://github.com/NixOS/nixpkgs/pull/74429
|
|
cve is about a kanboard plugin provided by jenkins not kanboard itself
|