Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[23.11] qdrant: add patch for CVE-2024-2221 #307482

Merged
merged 1 commit into from
Apr 29, 2024
Merged

[23.11] qdrant: add patch for CVE-2024-2221 #307482

merged 1 commit into from
Apr 29, 2024

Conversation

risicle
Copy link
Contributor

@risicle risicle commented Apr 28, 2024
edited
Loading

Description of changes

https://nvd.nist.gov/vuln/detail/CVE-2024-2221

It's hard to tell whether this is necessary given the CVE-2024-3078 patch we already have - they appear to address the same bug, but at different levels - this patch performs some sanitization at the REST handler level while the CVE-2024-3078 patch operates at a lower level. Better safe than sorry, and I guess the CVE-2024-3078 patch is written expecting this sanitization to have been applied here.

See also #307322

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@risicle risicle added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Apr 28, 2024
@ofborg ofborg bot requested a review from dit7ya April 28, 2024 15:22
@risicle risicle marked this pull request as ready for review April 28, 2024 19:36
LeSuisse
LeSuisse approved these changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@LeSuisse LeSuisse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patch makes sense, it builds and starting the server also works. Tested to create a snapshot and then upload it, seems to work as expected.

@LeSuisse LeSuisse merged commit f44f5c9 into NixOS:release-23.11 Apr 29, 2024
31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LeSuisse LeSuisse LeSuisse approved these changes

@dit7ya dit7ya Awaiting requested review from dit7ya

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@risicle @LeSuisse