Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

limesurvey: 5.6.9+230306 -> 6.1.2+230606, unmark broken #237389

Merged
merged 1 commit into from
Jun 14, 2023
Merged

limesurvey: 5.6.9+230306 -> 6.1.2+230606, unmark broken #237389

merged 1 commit into from
Jun 14, 2023

Conversation

LeSuisse
Copy link
Contributor

@LeSuisse LeSuisse commented Jun 12, 2023
edited
Loading

Description of changes

Changelog: https://github.com/LimeSurvey/LimeSurvey/blob/6.1.2%2B230606/docs/release_notes.txt

This upgrade contains security fixes:

  • XSS issue in notification email address
  • Issue in CSV user export
  • Removed vulnerable example files
  • Administrator can change his own password without entering the existing one
  • Unsafe way to detect IP address against brute-force attacks
Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Result of nixpkgs-review pr 237389 run on x86_64-linux 1

1 package built:
  • limesurvey

@LeSuisse
limesurvey: 5.6.9+230306 -> 6.1.2+230606, unmark broken
0b80a5b 
Changelog: https://github.com/LimeSurvey/LimeSurvey/blob/6.1.2%2B230606/docs/release_notes.txt

This upgrade contains security fixes:
* XSS issue in notification email address
* Issue in CSV user export
* Removed vulnerable example files
* Administrator can change his own password without entering the existing one
* Unsafe way to detect IP address against brute-force attacks
@LeSuisse LeSuisse requested a review from Atemu June 12, 2023 16:56
@ofborg ofborg bot requested a review from offlinehacker June 12, 2023 17:15
@LeSuisse LeSuisse mentioned this pull request Jun 12, 2023
Closed
8 tasks
Atemu
Atemu approved these changes Jun 13, 2023
View reviewed changes
Copy link
Member

@Atemu Atemu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't use this but it seems to start up just fine.

@Atemu Atemu merged commit 39b3edb into NixOS:master Jun 14, 2023
@LeSuisse LeSuisse deleted the limesurvey-6.1.2 branch June 14, 2023 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Atemu Atemu Atemu approved these changes

@offlinehacker offlinehacker Awaiting requested review from offlinehacker

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@LeSuisse @Atemu