(Internal changes only)

gchq · Oct 11, 2024 · 47f5ecc · 47f5ecc
1 parent 2a0551e
commit 47f5ecc
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 3 deletions.
diff --git a/.last-exported-commit b/.last-exported-commit
@@ -1 +1 @@
-Last exported commit from parent repo: b4458f62ed869983cbec0df12090b438cb8c8cb7
+Last exported commit from parent repo: 85f777375514f28d1df3234724ce8e606a6e5f12
diff --git a/nix-bootstrap.cabal b/nix-bootstrap.cabal
@@ -5,7 +5,7 @@ cabal-version: 2.0
 -- see: https://github.com/sol/hpack
 
 name:           nix-bootstrap
-version:        1.7.1.0
+version:        1.7.1.1
 author:         gchquser
 maintainer:     [email protected]
 copyright:      Crown Copyright

diff --git a/package.yaml b/package.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 name: nix-bootstrap
-version: 1.7.1.0
+version: 1.7.1.1
 author: gchquser
 maintainer: [email protected]
 copyright: Crown Copyright

diff --git a/vulnerability-whitelist.toml b/vulnerability-whitelist.toml
@@ -16,6 +16,10 @@
 cve = ["CVE-2023-4039"]
 comment = "Reasonable worst-case is loss of availability; risk acceptable."
 
+["libarchive"]
+cve = ["CVE-2024-37407"]
+comment = "libarchive is only used by nix itself, and only on the local filesystem. Could only be a viable vector if the attackr has arbitrary filesystem access, and would therefore be unlikely to be the chosen route."
+
 ["zlib-1.3.1"]
 cve = ["CVE-2023-6992"]
 comment = "We do not call the affected code with untrusted data."