GNU bug report logs - #30061
[PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}.

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 10 Jan 2018 09:09:01 UTC

Severity: normal

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #15 received at 30061-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 30061-done <at> debbugs.gnu.org
Subject: Re: [bug#30061] [PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}.
Date: Thu, 11 Jan 2018 14:33:22 -0800

[Message part 1 (text/plain, inline)]

On Thu, Jan 11, 2018 at 10:25:33PM +0100, Ludovic Courtès wrote:
> Hi,
> 
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > * gnu/packages/patches/libvorbis-CVE-2017-14632.patch,
> > gnu/packages/patches/libvorbis-CVE-2017-14633.patch: New files.
> > * gnu/local.mk (dist_patch_DATA): Add them.
> > * gnu/packages/xiph.scm (libvorbis)[replacement]: New field.
> > (libvorbis/fixed): New variable.
> 
> LGTM.

Pushed as 138c08899ba73049de8afd2b74a8cf6845a1d9e1

> On ‘core-updates’, should we perform a rebuild instead of grafting?

Yes, I merged master into core-updates and ungrafted libvorbis in
e6ebc7b13225f0eddc404b7d8e136120b962181e

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 133 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #30061 [PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}.

GNU bug report logs - #30061
[PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}.