Leo Famulari writes:

> On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
>> Done! FYI, this patch is tentative (i.e. not merged upstream as of
>> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
>> an experienced C programmer, nor am I a user of this package.
>
> I'm not an expert but, I agree, it seems to do the right thing.
>
>> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
>> > you are unsure.
>> >
>> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
>> > upstream yet:
>> >
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
>
> Okay, let's wait on that one. Can you try to keep track of it?
>

Will do!

>> How does the attached patch look?
>
>> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau
>> Date: Mon, 24 Jul 2017 13:51:50 -0400
>> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>>
>> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
>
> Please push!

Pushed to master! Thank you for reviewing.