GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Mark H Weaver <mhw <at> netris.org>, 27429 <at> debbugs.gnu.org
Subject: bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)]
Date: Thu, 29 Jun 2017 17:03:17 -0400
On Thu, Jun 29, 2017 at 10:06:08PM +0200, Ludovic Courtès wrote:
> Leo, let me know when you feel that we should start a new evaluation.

First I want to ungraft today's libgcrypt and poppler replacements.

I also want to apply the attached patch so we can stop using
libgcrypt-1.5 with Shishi, and instead use the latest libgcrypt. This
patch does require us to re-bootstrap Shishi, but I think it's worth it
if it means we can drop the older libgcrypt package. Does anyone have
feedback on this patch?

I'll do some local testing of this change in the next few hours and then
start the evaluation.
[0001-gnu-shishi-Build-with-latest-libgcrypt.patch (text/plain, attachment)]

This bug report was last modified 7 years and 309 days ago.
