From 5a61f34f2e731059b67daa59d0d398688a477cfb Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 15 Jan 2023 22:01:01 +0100 Subject: [PATCH] radare2: Fix ANSI Escape Sequence Injection vulns via DWARF Fixes: CVE-2023-0302 --- pkgs/development/tools/analysis/radare2/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix index 94165d992d8d..e02ce86d8efb 100644 --- a/pkgs/development/tools/analysis/radare2/default.nix +++ b/pkgs/development/tools/analysis/radare2/default.nix @@ -63,6 +63,11 @@ stdenv.mkDerivation rec { url = "https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24.patch"; sha256 = "sha256-asEXW9Ox48w9WQhOA9tleXIvynIjsWb6ItKmFTojgbQ="; }) + (fetchpatch { + name = "CVE-2023-0302.patch"; + url = "https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce.patch"; + hash = "sha256-QinRQDIY4p3P+M3Hh9w3Dv3N/2XTaf3N0nUluHPpAvg="; + }) ]; preBuild = ''