Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[24.11] python312Packages.python-multipart: fix CVE-2024-53981 #362621

Merged
merged 1 commit into from
Dec 9, 2024
Merged

[24.11] python312Packages.python-multipart: fix CVE-2024-53981 #362621

merged 1 commit into from
Dec 9, 2024
+22 −0

Conversation

dotlambda
Copy link
Member

fixes CVE-2024-53981

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@dotlambda dotlambda added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Dec 7, 2024
@dotlambda dotlambda requested a review from mweinelt December 7, 2024 00:00
@dotlambda dotlambda changed the title python312Packages.python-multipart: 0.0.12 -> 0.0.19 [24.11] python312Packages.python-multipart: 0.0.12 -> 0.0.19 Dec 7, 2024
@ofborg ofborg bot requested a review from risicle December 7, 2024 19:46
@dotlambda dotlambda marked this pull request as draft December 8, 2024 18:05
@dotlambda
Copy link
Member Author

Rename import to python_multipart

in https://github.com/Kludex/python-multipart/releases/tag/0.0.13 is a breaking change, so we need to use a patch instead.

@dotlambda dotlambda force-pushed the python3Packages.python-multipart branch from a1c9828 to bb2a6df Compare December 8, 2024 20:36
@dotlambda dotlambda marked this pull request as ready for review December 8, 2024 20:37
@dotlambda dotlambda changed the title [24.11] python312Packages.python-multipart: 0.0.12 -> 0.0.19 [24.11] python312Packages.python-multipart: fix CVE-2024-53981 Dec 8, 2024
@dotlambda dotlambda merged commit 41c30e6 into NixOS:staging-next-24.11 Dec 9, 2024
46 of 48 checks passed
@dotlambda dotlambda deleted the python3Packages.python-multipart branch December 9, 2024 17:49
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Dec 9, 2024

Successfully created backport PR for staging-24.05:

@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Dec 9, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mweinelt mweinelt Awaiting requested review from mweinelt

@risicle risicle Awaiting requested review from risicle

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: python 10.rebuild-darwin: 501+ 10.rebuild-darwin: 2501-5000 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dotlambda