Nixpkgs security tracker

Permalink CVE-2012-4512

created 2 months ago Activity log

Created suggestion 2 months ago

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows …

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

References

http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc x_transferredx_refsource_MISC
http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html x_transferredx_refsource_MISC
http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/10/11/11 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/10/30/6 x_transferredx_refsource_MISC
http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd37… x_transferredx_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2012-1416.html x_transferredx_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2012-1418.html x_transferredx_refsource_MISC
http://www.securitytracker.com/id?1027709 x_transferredx_refsource_MISC
http://secunia.com/advisories/51097 x_transferredx_refsource_MISC
http://secunia.com/advisories/51145 x_transferredx_refsource_MISC

Affected products

Konqueror

==4.7.3

Matching in nixpkgs

pkgs.libsForQt5.konqueror

Web browser, file manager and viewer

pkgs.kdePackages.konqueror

Web browser and Swiss Army knife for any kind of file management and previewing

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.konqueror

Web browser, file manager and viewer

Package maintainers

@mjm Matt Moriarity <matt@mattmoriarity.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@K900 Ilya K. <me@0upti.me>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@NickCao Nick Cao <nickcao@nichi.co>

Permalink CVE-2009-5004

created 2 months ago Activity log

Created suggestion 2 months ago

qpid-cpp 1.0 crashes when a large message is sent and …

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .

References

https://security-tracker.debian.org/tracker/CVE-2009-5004 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-5004 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2009-5004 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=501792 x_transferredx_refsource_MISC

Affected products

qpid-cpp

==1.0

Matching in nixpkgs

pkgs.qpid-cpp

AMQP message broker and a C++ messaging API

nixos-unstable 1.39.0
- nixpkgs-unstable 1.39.0
- nixos-unstable-small 1.39.0
nixos-25.11 1.39.0
- nixos-25.11-small 1.39.0
- nixpkgs-25.11-darwin 1.39.0

Permalink CVE-2012-5644

created 2 months ago Activity log

Created suggestion 2 months ago

libuser has information disclosure when moving user's home directory

References

https://security-tracker.debian.org/tracker/CVE-2012-5644 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644 x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html x_transferredx_refsource_MISC
Red Hat vendor-advisoryx_transferredx_refsource_REDHAT

Affected products

libuser

==Fixed in 1:0.60

Matching in nixpkgs

pkgs.lomiri.libusermetrics

Enables apps to locally store interesting numerical data for later presentation

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.3.3
- nixos-25.11-small 1.3.3
- nixpkgs-25.11-darwin 1.3.3

Package maintainers

@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

Permalink CVE-2011-4968

created 2 months ago Activity log

Created suggestion 2 months ago

nginx http proxy module does not verify peer identity of …

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

References

https://security-tracker.debian.org/tracker/CVE-2011-4968 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968 x_transferredx_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-4968 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/01/03/8 x_transferredx_refsource_MISC
http://www.securityfocus.com/bid/57139 x_transferredx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/80952 x_transferredx_refsource_MISC

Affected products

nginx

==through 1.6.2

Matching in nixpkgs

pkgs.nginx

Reverse proxy and lightweight webserver

nixos-unstable 1.28.2
- nixpkgs-unstable 1.28.2
- nixos-unstable-small 1.28.2
nixos-25.11 1.28.2
- nixos-25.11-small 1.28.2
- nixpkgs-25.11-darwin 1.28.2

pkgs.coc-nginx

nginx-language-server extension for coc.nvim

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.nginx-doc

Reverse proxy and lightweight webserver (documentation)

nixos-unstable 2022-05-05
- nixpkgs-unstable 2022-05-05
- nixos-unstable-small 2022-05-05
nixos-25.11 2022-05-05
- nixos-25.11-small 2022-05-05
- nixpkgs-25.11-darwin 2022-05-05

pkgs.nginx-sso

SSO authentication provider for the auth_request nginx module

nixos-unstable 0.27.6
- nixpkgs-unstable 0.27.6
- nixos-unstable-small 0.27.6
nixos-25.11 0.27.4
- nixos-25.11-small 0.27.4
- nixpkgs-25.11-darwin 0.27.4

pkgs.nginxQuic

Reverse proxy and lightweight webserver

pkgs.nginxStable

Reverse proxy and lightweight webserver

nixos-unstable 1.28.2
- nixpkgs-unstable 1.28.2
- nixos-unstable-small 1.28.2
nixos-25.11 1.28.2
- nixos-25.11-small 1.28.2
- nixpkgs-25.11-darwin 1.28.2

pkgs.nginxMainline

Reverse proxy and lightweight webserver

nixos-unstable 1.29.5
- nixpkgs-unstable 1.29.5
- nixos-unstable-small 1.29.5
nixos-25.11 1.29.5
- nixos-25.11-small 1.29.5
- nixpkgs-25.11-darwin 1.29.5

pkgs.nginxShibboleth

Reverse proxy and lightweight webserver

nixos-unstable 1.28.2
- nixpkgs-unstable 1.28.2
- nixos-unstable-small 1.28.2
nixos-25.11 1.28.2
- nixos-25.11-small 1.28.2
- nixpkgs-25.11-darwin 1.28.2

pkgs.tailscale-nginx-auth

Tool that allows users to use Tailscale Whois authentication with NGINX as a reverse proxy

nixos-unstable 1.94.1
- nixpkgs-unstable 1.94.2
- nixos-unstable-small 1.94.2
nixos-25.11 1.90.9
- nixos-25.11-small 1.90.9
- nixpkgs-25.11-darwin 1.90.9

pkgs.vimPlugins.coc-nginx

nginx-language-server extension for coc.nvim

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.nginx-language-server

Language server for nginx.conf

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.nginx-config-formatter

nginx config file formatter

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.3.0
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.prometheus-nginx-exporter

NGINX Prometheus Exporter for NGINX and NGINX Plus

nixos-unstable 1.5.1
- nixpkgs-unstable 1.5.1
- nixos-unstable-small 1.5.1
nixos-25.11 1.5.1
- nixos-25.11-small 1.5.1
- nixpkgs-25.11-darwin 1.5.1

pkgs.azure-cli-extensions.nginx

Microsoft Azure Command-Line Tools Nginx Extension

nixos-unstable 2.0.0b8
- nixpkgs-unstable 2.0.0b8
- nixos-unstable-small 2.0.0b8
nixos-25.11 2.0.0b8
- nixos-25.11-small 2.0.0b8
- nixpkgs-25.11-darwin 2.0.0b8

pkgs.prometheus-nginxlog-exporter

Export metrics from Nginx access log files to Prometheus

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 1.11.0
- nixos-25.11-small 1.11.0
- nixpkgs-25.11-darwin 1.11.0

pkgs.python312Packages.certbot-nginx

Nginx plugin for Certbot

nixos-25.11 5.1.0
- nixos-25.11-small 5.1.0
- nixpkgs-25.11-darwin 5.1.0

pkgs.python313Packages.certbot-nginx

Nginx plugin for Certbot

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0
nixos-25.11 5.1.0
- nixos-25.11-small 5.1.0
- nixpkgs-25.11-darwin 5.1.0

pkgs.python314Packages.certbot-nginx

Nginx plugin for Certbot

nixos-unstable 5.1.0
- nixpkgs-unstable 5.1.0
- nixos-unstable-small 5.1.0

pkgs.vimPlugins.nvim-treesitter-parsers.nginx

None

nixos-unstable 0.0.0+rev=47ade64
- nixpkgs-unstable 0.0.0+rev=47ade64
- nixos-unstable-small 0.0.0+rev=47ade64
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@katexochen Paul Meyer <katexochen0@gmail.com>
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
@dasJ Janne Heß <janne@hess.ooo>
@Baughn Svein Ove Aas <sveina@gmail.com>
@KAction Dmitry Bogatov <KAction@disroot.org>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@globin Robin Gloster <mail@glob.in>
@WilliButz Willi Butz <willibutz@posteo.de>
@benley Benjamin Staffin <benley@gmail.com>
@mmahut Marek Mahut <marek.mahut@gmail.com>
@phaer Paul Haerle <nix@phaer.org>

Permalink CVE-2010-3299

created 2 months ago Activity log

Created suggestion 2 months ago

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable …

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

References

https://security-tracker.debian.org/tracker/CVE-2010-3299 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-3299 x_transferredx_refsource_MISC
[oss-security] 20100914 Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi mailing-listx_transferredx_refsource_MLIST
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf x_transferredx_refsource_MISC

Affected products

rails

==2.3

Matching in nixpkgs

pkgs.grails

Full stack, web application framework for the JVM

nixos-unstable 7.0.0-M3
- nixpkgs-unstable 7.0.0-M3
- nixos-unstable-small 7.0.0-M3
nixos-25.11 7.0.0-M3
- nixos-25.11-small 7.0.0-M3
- nixpkgs-25.11-darwin 7.0.0-M3

pkgs.rails-new

Generate new Rails applications without having to install Ruby

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.rubyPackages.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.rubyPackages_3_1.rails

None

pkgs.rubyPackages_3_2.rails

None

pkgs.rubyPackages_3_3.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.rubyPackages_3_4.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.rubyPackages_4_0.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.hyprlandPlugins.hyprtrails

Hyprland smooth trails behind moving windows plugin

nixos-unstable 0.53.0
- nixpkgs-unstable 0.53.0
- nixos-unstable-small 0.53.0
nixos-25.11 0.52.0
- nixos-25.11-small 0.52.0
- nixpkgs-25.11-darwin 0.52.0

pkgs.rubyPackages.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.rubyPackages_3_1.rails-dom-testing

None

pkgs.rubyPackages_3_2.rails-dom-testing

None

pkgs.rubyPackages_3_3.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages_3_4.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages_4_0.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages_3_1.rails-html-sanitizer

None

pkgs.rubyPackages_3_2.rails-html-sanitizer

None

pkgs.rubyPackages_3_3.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.rubyPackages_3_4.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.rubyPackages_4_0.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

Package maintainers

@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@donovanglover Donovan Glover
@NotAShelf NotAShelf <raf@notashelf.dev>
@khaneliman Austin Horstman <khaneliman12@gmail.com>
@fufexan Fufezan Mihai <fufexan@protonmail.com>
@coat Kent Smith <kentsmith@gmail.com>

Permalink CVE-2012-1160

created 2 months ago Activity log

Created suggestion 2 months ago

Moodle before 2.2.2 has a permission issue in Forum Subscriptions …

Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html x_transferredx_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-1160 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1160 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-1160 x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html x_transferredx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html x_transferredx_refsource_MISC
https://moodle.org/mod/forum/discuss.php?d=198629 x_transferredx_refsource_CONFIRM

Affected products

Moodle

==2.1 to 2.1.4+
==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-0433

created 2 months ago Activity log

Created suggestion 2 months ago

insecure permissions on files containing confidential data

The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data.

References

https://bugzilla.suse.com/show_bug.cgi?id=783195 x_transferredx_refsource_CONFIRM
https://www.suse.com/security/cve/CVE-2012-0433/ x_transferredx_refsource_CONFIRM

Affected products

crowbar

<2012-10-02

Matching in nixpkgs

pkgs.crowbar

Brute forcing tool that can be used during penetration tests

nixos-unstable 2020-04-23
- nixpkgs-unstable 2020-04-23
- nixos-unstable-small 2020-04-23
nixos-25.11 2020-04-23
- nixos-25.11-small 2020-04-23
- nixpkgs-25.11-darwin 2020-04-23

pkgs.ocamlPackages.crowbar

Property fuzzing for OCaml

nixos-unstable 0.2.2
- nixpkgs-unstable 0.2.2
- nixos-unstable-small 0.2.2
nixos-25.11 0.2.1
- nixos-25.11-small 0.2.1
- nixpkgs-25.11-darwin 0.2.1

pkgs.ocamlPackages_latest.crowbar

Property fuzzing for OCaml

nixos-unstable 0.2.2
- nixpkgs-unstable 0.2.2
- nixos-unstable-small 0.2.2

Package maintainers

@Pamplemousse Xavier Maso <xav.maso@gmail.com>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>

Permalink CVE-2010-4533

created 2 months ago Activity log

Created suggestion 2 months ago

offlineimap before 6.3.4 added support for SSL server certificate validation …

offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.

References

https://security-tracker.debian.org/tracker/CVE-2010-4533 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4533 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-4533 x_transferredx_refsource_MISC
https://www.openwall.com/lists/oss-security/2010/12/23/2 x_transferredx_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606962 x_transferredx_refsource_MISC

Affected products

offlineimap

==before 6.3.4

Matching in nixpkgs

pkgs.offlineimap

Synchronize emails between two repositories, so that you can read the same mailbox from multiple computers

nixos-unstable 8.0.0
- nixpkgs-unstable 8.0.0
- nixos-unstable-small 8.0.0
nixos-25.11 8.0.0
- nixos-25.11-small 8.0.0
- nixpkgs-25.11-darwin 8.0.0

Permalink CVE-2011-2897

created 2 months ago Activity log

Created suggestion 2 months ago

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing …

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

References

https://security-tracker.debian.org/tracker/CVE-2011-2897 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-2897 x_transferredx_refsource_MISC

Affected products

gdk-pixbuf

==through 2.31.1

Matching in nixpkgs

pkgs.gdk-pixbuf

Library for image loading and manipulation

nixos-unstable 2.44.4
- nixpkgs-unstable 2.44.4
- nixos-unstable-small 2.44.4
nixos-25.11 2.44.4
- nixos-25.11-small 2.44.4
- nixpkgs-25.11-darwin 2.44.4

pkgs.gdk-pixbuf-xlib

Deprecated API for integrating GdkPixbuf with Xlib data types

nixos-unstable 2.40.2
- nixpkgs-unstable 2.40.2
- nixos-unstable-small 2.40.2
nixos-25.11 2.40.2
- nixos-25.11-small 2.40.2
- nixpkgs-25.11-darwin 2.40.2

pkgs.sbclPackages.cl-cffi-gtk-gdk-pixbuf

None

nixos-unstable 20230214-git
- nixpkgs-unstable 20230214-git
- nixos-unstable-small 20230214-git
nixos-25.11 20230214-git
- nixos-25.11-small 20230214-git
- nixpkgs-25.11-darwin 20230214-git

pkgs.tests.pkg-config.defaultPkgConfigPackages.%22gdk-pixbuf-2.0%22

Test whether gdk-pixbuf-2.42.12 exposes pkg-config modules gdk-pixbuf-2.0

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@lukego Luke Gorrie <luke@snabb.co>
@nagy Daniel Nagy <danielnagy@posteo.de>
@hraban Hraban Luyat <hraban@0brg.net>
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>

Permalink CVE-2010-4237

created 2 months ago Activity log

Created suggestion 2 months ago

Mercurial before 1.6.4 fails to verify the Common Name field …

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.

References

https://security-tracker.debian.org/tracker/CVE-2010-4237 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237 x_transferredx_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841 x_transferredx_refsource_MISC
https://bz.mercurial-scm.org/show_bug.cgi?id=2407 x_transferredx_refsource_CONFIRM

Affected products

mercurial

==1.6.4

Matching in nixpkgs

pkgs.mercurial

Fast, lightweight SCM system for very large distributed projects

nixos-unstable 7.1
- nixpkgs-unstable 7.1
- nixos-unstable-small 7.1
nixos-25.11 7.1
- nixos-25.11-small 7.1
- nixpkgs-25.11-darwin 7.1

pkgs.mercurialFull

Fast, lightweight SCM system for very large distributed projects

nixos-unstable 7.1
- nixpkgs-unstable 7.1
- nixos-unstable-small 7.1
nixos-25.11 7.1
- nixos-25.11-small 7.1
- nixpkgs-25.11-darwin 7.1

pkgs.python312Packages.mercurial

Fast, lightweight SCM system for very large distributed projects

nixos-25.11 7.1
- nixos-25.11-small 7.1
- nixpkgs-25.11-darwin 7.1

pkgs.python313Packages.mercurial

Fast, lightweight SCM system for very large distributed projects

nixos-unstable 7.1
- nixpkgs-unstable 7.1
- nixos-unstable-small 7.1
nixos-25.11 7.1
- nixos-25.11-small 7.1
- nixpkgs-25.11-darwin 7.1

pkgs.python314Packages.mercurial

Fast, lightweight SCM system for very large distributed projects

nixos-unstable 7.1
- nixpkgs-unstable 7.1
- nixos-unstable-small 7.1

Package maintainers

@lukegb Luke Granger-Brown <nix@lukegb.com>
@pacien euxane <r9uhdi.nixpkgs@euxane.eu>
@techknowlogick techknowlogick <techknowlogick@gitea.com>

Automatically generated suggestions

References

Affected products

Matching in nixpkgs

pkgs.libsForQt5.konqueror

pkgs.kdePackages.konqueror

pkgs.plasma5Packages.konqueror

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.qpid-cpp

References

Affected products

Matching in nixpkgs

pkgs.lomiri.libusermetrics

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.nginx

pkgs.coc-nginx

pkgs.nginx-doc

pkgs.nginx-sso

pkgs.nginxQuic

pkgs.nginxStable

pkgs.nginxMainline

pkgs.nginxShibboleth

pkgs.tailscale-nginx-auth

pkgs.vimPlugins.coc-nginx

pkgs.nginx-language-server

pkgs.nginx-config-formatter

pkgs.prometheus-nginx-exporter

pkgs.azure-cli-extensions.nginx

pkgs.prometheus-nginxlog-exporter

pkgs.python312Packages.certbot-nginx

pkgs.python313Packages.certbot-nginx

pkgs.python314Packages.certbot-nginx

pkgs.vimPlugins.nvim-treesitter-parsers.nginx

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.grails

pkgs.rails-new

pkgs.rubyPackages.rails

pkgs.rubyPackages_3_1.rails

pkgs.rubyPackages_3_2.rails

pkgs.rubyPackages_3_3.rails

pkgs.rubyPackages_3_4.rails

pkgs.rubyPackages_4_0.rails

pkgs.hyprlandPlugins.hyprtrails

pkgs.rubyPackages.rails-dom-testing

pkgs.rubyPackages.rails-html-sanitizer

pkgs.rubyPackages_3_1.rails-dom-testing

pkgs.rubyPackages_3_2.rails-dom-testing

pkgs.rubyPackages_3_3.rails-dom-testing

pkgs.rubyPackages_3_4.rails-dom-testing

pkgs.rubyPackages_4_0.rails-dom-testing

pkgs.rubyPackages_3_1.rails-html-sanitizer

pkgs.rubyPackages_3_2.rails-html-sanitizer

pkgs.rubyPackages_3_3.rails-html-sanitizer

pkgs.rubyPackages_3_4.rails-html-sanitizer

pkgs.rubyPackages_4_0.rails-html-sanitizer

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.crowbar

pkgs.ocamlPackages.crowbar

pkgs.ocamlPackages_latest.crowbar

Package maintainers

References

Affected products