GNU bug report logs - #30180
[PATCH] gnu: libsndfile: Fix CVE-2017-12562.

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 20 Jan 2018 02:11:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 30180-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 30180-done <at> debbugs.gnu.org
Subject: Re: [bug#30180] [PATCH] gnu: libsndfile: Fix CVE-2017-12562.
Date: Tue, 23 Jan 2018 15:25:52 -0500

[Message part 1 (text/plain, inline)]

On Tue, Jan 23, 2018 at 10:20:26AM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > I'd like to ungraft this on core-updates, even though it's late in the
> > core-updates cycle. Changing libsndfile requires only ~600 rebuilds per
> > architecture.
> >
> > * gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
> > (libsndfile/fixed): New variable.
> 
> The patch LGTM!

Okay, pushed!

> As for ungrafting, I’ll let you judge.  I would really like to merge
> that branch soon, but I haven’t checked in status over the last couple
> of days.

The branch is very close to done if you just look at the numbers, but
there are still some important package failures. But there will be more
grafts soon enough, so I guess we might as well leave it grafted.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 124 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #30180 [PATCH] gnu: libsndfile: Fix CVE-2017-12562.

GNU bug report logs - #30180
[PATCH] gnu: libsndfile: Fix CVE-2017-12562.