From 207bf49c8d722359c89a9c5ac35da546bd6b5f8e Mon Sep 17 00:00:00 2001 From: Justin Humm Date: Sun, 7 Jan 2018 02:58:09 +0100 Subject: [PATCH] electrum: 3.0.3 -> 3.0.4 From the release notes [1]: * Fix a vulnerability caused by Cross-Origin Resource Sharing (CORS) in the JSONRPC interface. Previous versions of Electrum are vulnerable to port scanning and deanonimization attacks from malicious websites. Wallets that are not password-protected are vulnerable to theft. See this [2] for explanation. [1] https://github.com/spesmilo/electrum/blob/3.0.4/RELEASE-NOTES [2] https://github.com/spesmilo/electrum/issues/3374 --- pkgs/applications/misc/electrum/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/electrum/default.nix b/pkgs/applications/misc/electrum/default.nix index 10f12885dcd..8286057c1e1 100644 --- a/pkgs/applications/misc/electrum/default.nix +++ b/pkgs/applications/misc/electrum/default.nix @@ -2,11 +2,11 @@ python3Packages.buildPythonApplication rec { name = "electrum-${version}"; - version = "3.0.3"; + version = "3.0.4"; src = fetchurl { url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz"; - sha256 = "09h3s1mbkliwh8758prbdk3sm19bnma7wy3k10pl9q9fkarbhp75"; + sha256 = "03vvxbyci9acss9sfdjcvdp0ny1fvyj29q261lxqr416vvfparjj"; }; propagatedBuildInputs = with python3Packages; [