Unverified Commit 98c6798b authored by Martin Weinelt's avatar Martin Weinelt
Browse files

wallabag: 2.5.2 -> 2.5.3 

https://github.com/wallabag/wallabag/releases/tag/2.5.3

Fixes two security issues, were an authorized user could
- export other users entries
- modify or delete other user's annotations

Fixes: CVE-2023-0609, CVE-2023-0610
parent 1efc432d

pkgs/servers/web-apps/wallabag/default.nix

+6 −2
Original line number Diff line number Diff line
@@ -16,7 +16,7 @@ 


let

  pname = "wallabag";

  version = "2.5.2";

  version = "2.5.3";

in

stdenv.mkDerivation {

  inherit pname version;
@@ -27,7 +27,7 @@ stdenv.mkDerivation { 
      "https://static.wallabag.org/releases/wallabag-release-${version}.tar.gz"

      "https://github.com/wallabag/wallabag/releases/download/${version}/wallabag-${version}.tar.gz"

    ];

    hash = "sha256-Q989SorGPm3KBuQhGAinYU6HGIa9RrhtRPvwGALU6jk=";

    hash = "sha256-a30z9rdXcfc2eVuShEobgDWWHr9TfMwq9WwaWdrI3QU=";

  };



  patches = [
@@ -45,8 +45,12 @@ stdenv.mkDerivation { 
  dontBuild = true;



  installPhase = ''

    runHook preInstall



    mkdir $out

    cp -R * $out/



    runHook postInstall

  '';



  meta = with lib; {