mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-10-20 04:33:19 +02:00
9e476fe740
From the description of CVE-2020-15117: > In Synergy before version 1.12.0, a Synergy server can be crashed by > receiving a kMsgHelloBack packet with a client name length set to > 0xffffffff (4294967295) if the servers memory is less than 4 GB. It > was verified that this issue does not cause a crash through the > exception handler if the available memory of the Server is more than > 4GB. While I personally would consider this a pretty low-priority issue since Synergy usually is only used in local environment, it's nevertheless better to patch known issues. Since the fix is part of version 1.12, which doesn't have a stable release yet, I'm including the fix as a patch cherry-picked from the upstream commit. I originally had the CVE number as a comment prior to the fetchpatch call in question, but since @mweinelt mentioned that https://broken.sh/ uses the patch file name[1] to match whether the software in question has been patched, I've removed my initial comment as it would be redundant. [1]: https://github.com/andir/nix-vulnerability-scanner/blob/fb63998885462/src/report/nix_patches.rs#L83-L95 Signed-off-by: aszlig <aszlig@nix.build> Fixes: https://github.com/NixOS/nixpkgs/issues/94007 |
||
|---|---|---|
| .. | ||
| accessibility | ||
| audio | ||
| backup | ||
| blockchains | ||
| display-managers | ||
| editors | ||
| gis | ||
| graphics | ||
| kde | ||
| misc | ||
| networking | ||
| office | ||
| qubes/qubes-core-vchan-xen | ||
| radio | ||
| science | ||
| search | ||
| system | ||
| version-management | ||
| video | ||
| virtualization | ||
| window-managers | ||