Unverified Commit 875233a7 authored by Thomas Gerbet's avatar Thomas Gerbet Committed by GitHub
Browse files

Merge pull request #336828 from emilazy/push-lnwmxoqyymyt 

olm: add more information to `knownVulnerabilities`
parents b8f3c780 069f7de1

pkgs/development/libraries/olm/default.nix

+9 −2
Original line number Diff line number Diff line
@@ -51,6 +51,12 @@ stdenv.mkDerivation rec { 


      For further information, see:



      * The CVE records for the known vulnerabilities:



        * CVE-2024-45191

        * CVE-2024-45192

        * CVE-2024-45193



      * The libolm deprecation notice:

        <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/README.md#important-libolm-is-now-deprecated>
@@ -60,8 +66,9 @@ stdenv.mkDerivation rec { 
      * The blog post disclosing the details of the known vulnerabilities:

        <https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/>



      * The Matrix.org project lead’s response to the disclosure:

        <https://news.ycombinator.com/item?id=41249371>

      * The announcement in This Week in Matrix from the Matrix.org

        project lead:

        <https://matrix.org/blog/2024/08/16/this-week-in-matrix-2024-08-16/#dept-of-encryption-closed-lock-with-key>



      * A (likely incomplete) aggregation of client tracking issue links:

        <https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802>