On Fri Sep 27, 2024 at 8:52 PM CEST, John Kehayias wrote:
> Hello,
>
> On Thu, Sep 19, 2024 at 03:17 PM, Ashish SHUKLA wrote:
>
> > * gnu/packages/curl.scm (curl): Update to 8.10.1.
> >
>
> As curl causes a rebuild of just about everything, this will need to
> done as a graft on master. (And ungrafted with a world rebuild on a
> branch.) Would you like to take a stab at that?

Prepared a new revision (attached) to add a new package 'curl/fixed' 
with just the fix from upstream applied[0][1].

As for the actual update to 8.10.1, I can send a patch (either in this 
thread, or in separate issue report).

Please let me know if something is amiss with my patch.

References:
[0] https://curl.se/docs/CVE-2024-8096.html
[1] https://github.com/curl/curl/commit/aeb1a281cab13c7ba

Thanks!
--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0

"If I destroy you, what business is it of yours ?" (Dark Forest, Liu Cixin)