Skip to content

[Backport staging-23.05] libssh2: apply patch for CVE-2023-48795 #276504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
risicle merged 1 commit into from
Dec 25, 2023
Merged

[Backport staging-23.05] libssh2: apply patch for CVE-2023-48795 #276504

risicle merged 1 commit into from
Dec 25, 2023

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Dec 24, 2023
edited by vcunat
Loading

Bot-based backport to staging-23.05, triggered by a label in #275641.

  • Before merging, ensure that this backport is acceptable for the release.
    • Even as a non-commiter, if you find that it is not acceptable, leave a comment.

@github-actions github-actions bot added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Dec 24, 2023
@github-actions github-actions bot mentioned this pull request Dec 24, 2023
Merged
13 tasks
@ofborg ofborg bot added the 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. label Dec 24, 2023
@ofborg ofborg bot requested a review from SuperSandro2000 December 24, 2023 17:58
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Dec 24, 2023
vcunat pushed a commit that referenced this pull request Dec 25, 2023
@leona-ya @vcunat
libssh2: apply patch for CVE-2023-48795 on *-linux
3b41404 
(cherry picked from commit 1bfeb14 and added conditioning)
I'm keeping PR #276504 to track applying the patch on all platforms.
risicle
risicle approved these changes Dec 25, 2023
View reviewed changes
Copy link
Contributor

@risicle risicle left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cherry-picked to release-23.05 for testing, built passthru.tests (from #276144) (apart from vlc) on macos 12 x86_64, nixos x86_64. Built pkgsMusl, pkgsStatic, pkgsCross.aarch64-multiplatform, pkgsi686Linux variants happily.

@risicle risicle merged commit 48d7fec into staging-23.05 Dec 25, 2023
@risicle risicle deleted the backport-275641-to-staging-23.05 branch December 25, 2023 17:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@risicle risicle risicle approved these changes

@SuperSandro2000 SuperSandro2000 Awaiting requested review from SuperSandro2000

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@risicle @leona-ya