Skip to content

[25.05] cotton: mark as vulnerable to CVE-2025-62518 #455990

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 26, 2025
Merged

[25.05] cotton: mark as vulnerable to CVE-2025-62518 #455990

merged 1 commit into from
Oct 26, 2025

Conversation

@bengsparks
Copy link
Contributor

@bengsparks bengsparks commented Oct 26, 2025
edited by niklaskorz
Loading

Partial backport of sister PR #455326

Tracking Issue: #455265

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

github-actions[bot]

This comment was marked as resolved.

Sign in to view

@bengsparks bengsparks changed the title cotton: mark as vulnerable to CVE-2025-62518 [25.05] cotton: mark as vulnerable to CVE-2025-62518 Oct 26, 2025
@bengsparks bengsparks added 1.severity: security Issues which raise a security issue, or PRs that fix one 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels Oct 26, 2025
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. 4.workflow: backport This targets a stable branch labels Oct 26, 2025
@nix-owners nix-owners bot requested review from dit7ya and figsoda October 26, 2025 20:06
@niklaskorz niklaskorz mentioned this pull request Oct 26, 2025
Closed
15 tasks
@github-actions github-actions bot dismissed their stale review October 26, 2025 20:39

All good now, thank you!

@niklaskorz niklaskorz added this pull request to the merge queue Oct 26, 2025
Merged via the queue into NixOS:release-25.05 with commit 2ec0bbc Oct 26, 2025
52 of 57 checks passed
@nixpkgs-ci nixpkgs-ci bot added 12.approvals: 1 This PR was reviewed and approved by one person. and removed 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels Oct 26, 2025
@bengsparks bengsparks deleted the cotton-cve-backport branch October 26, 2025 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@niklaskorz niklaskorz niklaskorz approved these changes

@github-actions github-actions[bot] github-actions[bot] left review comments

@figsoda figsoda Awaiting requested review from figsoda

@dit7ya dit7ya Awaiting requested review from dit7ya

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 4.workflow: backport This targets a stable branch 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bengsparks @niklaskorz