On Thu, Aug 23, 2018 at 04:59:47PM +0200, Marius Bakke wrote:
> This fixes CVE-2018-14599, CVE-2018-14600, and CVE-2018-14598.
> 
> * gnu/packages/xorg.scm (libx11)[replacement]: New field.
> (libx11-1.6.6): New public variable.

Thanks!

> +;; Replacement package to fix multiple security bugs:
> +;; <http://seclists.org/oss-sec/2018/q3/146>.
> +(define-public libx11-1.6.6
> +  (package/inherit libx11

Does it need to use package/inherit? My understanding is that procedure
is primarily useful for packages that inherit from another package foo,
when foo is being grafted. For example, the current situation with
cups-minimal and cups.