GNU bug report logs - #30180
[PATCH] gnu: libsndfile: Fix CVE-2017-12562.

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 20 Jan 2018 02:11:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: 30180-done <at> debbugs.gnu.org
Subject: [bug#30180] [PATCH] gnu: libsndfile: Fix CVE-2017-12562.
Date: Wed, 24 Jan 2018 14:59:18 +0100

Leo Famulari <leo <at> famulari.name> skribis:

> On Tue, Jan 23, 2018 at 10:20:26AM +0100, Ludovic Courtès wrote:
>> Leo Famulari <leo <at> famulari.name> skribis:
>> 
>> > I'd like to ungraft this on core-updates, even though it's late in the
>> > core-updates cycle. Changing libsndfile requires only ~600 rebuilds per
>> > architecture.
>> >
>> > * gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
>> > * gnu/local.mk (dist_patch_DATA): Add it.
>> > * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
>> > (libsndfile/fixed): New variable.
>> 
>> The patch LGTM!
>
> Okay, pushed!
>
>> As for ungrafting, I’ll let you judge.  I would really like to merge
>> that branch soon, but I haven’t checked in status over the last couple
>> of days.
>
> The branch is very close to done if you just look at the numbers, but
> there are still some important package failures. But there will be more
> grafts soon enough, so I guess we might as well leave it grafted.

Sounds reasonable.

Ludo’.

This bug report was last modified 7 years and 124 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #30180 [PATCH] gnu: libsndfile: Fix CVE-2017-12562.

GNU bug report logs - #30180
[PATCH] gnu: libsndfile: Fix CVE-2017-12562.