GNU bug report logs - #26828
Update libetpan to 1.8 (CVE-2017-8825)

Previous Next

Package: guix-patches;

Reported by: Julien Lepiller <julien <at> lepiller.eu>

Date: Mon, 8 May 2017 14:44:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 26828 in the body.
You can then email your comments to 26828 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#26828; Package guix-patches. (Mon, 08 May 2017 14:44:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Julien Lepiller <julien <at> lepiller.eu>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 08 May 2017 14:44:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Julien Lepiller <julien <at> lepiller.eu>
To: guix-patches <at> gnu.org
Subject: Update libetpan to 1.8 (CVE-2017-8825)
Date: Mon, 8 May 2017 16:43:13 +0200

[Message part 1 (text/plain, inline)]
Hi,

here is a patch to update libetpan to version 1.8. This update also
fixes CVE-2017-8825. Should it be mentionned in the commit log?
[0001-gnu-libetpan-Update-to-1.8.patch (text/x-patch, attachment)]
Information forwarded to guix-patches <at> gnu.org:
bug#26828; Package guix-patches. (Mon, 08 May 2017 17:36:01 GMT) Full text and rfc822 format available.

Message #8 received at 26828 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: 26828 <at> debbugs.gnu.org
Subject: Re: bug#26828: Update libetpan to 1.8 (CVE-2017-8825)
Date: Mon, 8 May 2017 13:35:38 -0400

[Message part 1 (text/plain, inline)]
On Mon, May 08, 2017 at 04:43:13PM +0200, Julien Lepiller wrote:
> Hi,
> 
> here is a patch to update libetpan to version 1.8. This update also
> fixes CVE-2017-8825. Should it be mentionned in the commit log?

Thanks! Yes, I would add [fixes CVE-2017-8825] to the end of the first
line of the commit message.

I bet the majority of updates include fixes for exploitable bugs (at
least for C programs), but it's still useful to include these bug
identifiers in the commit log, when we know about them.

[signature.asc (application/pgp-signature, inline)]
Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Tue, 09 May 2017 17:27:01 GMT) Full text and rfc822 format available.
Notification sent to Julien Lepiller <julien <at> lepiller.eu>:
bug acknowledged by developer. (Tue, 09 May 2017 17:27:01 GMT) Full text and rfc822 format available.

Message #13 received at 26828-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: 26828-done <at> debbugs.gnu.org
Subject: Re: bug#26828: Update libetpan to 1.8 (CVE-2017-8825)
Date: Tue, 9 May 2017 13:26:07 -0400

[Message part 1 (text/plain, inline)]
On Mon, May 08, 2017 at 01:35:38PM -0400, Leo Famulari wrote:
> On Mon, May 08, 2017 at 04:43:13PM +0200, Julien Lepiller wrote:
> > Hi,
> > 
> > here is a patch to update libetpan to version 1.8. This update also
> > fixes CVE-2017-8825. Should it be mentionned in the commit log?
> 
> Thanks! Yes, I would add [fixes CVE-2017-8825] to the end of the first
> line of the commit message.
> 
> I bet the majority of updates include fixes for exploitable bugs (at
> least for C programs), but it's still useful to include these bug
> identifiers in the commit log, when we know about them.

Hi Julien,

I pushed the patch on your behalf as
a979eea9c2132d35cba30e7fcd4184ec159310a6.

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 07 Jun 2017 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 8 years and 10 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.