GNU bug report logs - #36424
expat-2.2.7 for CVE-2018-20843

Package: guix-patches

Reported by: Jack Hill <jackhill <at> jackhill.us>

Date: Fri, 28 Jun 2019 19:57:02 UTC

Severity: normal

Tags: security

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Jack Hill <jackhill <at> jackhill.us>
Subject: bug#36424: closed (Re: [bug#36424] expat-2.2.7 for CVE-2018-20843)
Date: Thu, 11 Jul 2019 23:01:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#36424: expat-2.2.7 for CVE-2018-20843

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 36424 <at> debbugs.gnu.org.

-- 
36424: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=36424
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Marius Bakke <mbakke <at> fastmail.com>
To: Jack Hill <jackhill <at> jackhill.us>
Cc: 36424-done <at> debbugs.gnu.org
Subject: Re: [bug#36424] expat-2.2.7 for CVE-2018-20843
Date: Fri, 12 Jul 2019 01:00:32 +0200
[Message part 3 (text/plain, inline)]
Jack Hill <jackhill <at> jackhill.us> writes:

> Please find updated patch files attached, that I think take into account 
> Marius's suggestions (thanks Marius!)

Thank you!  I made a tiny tweak to use char=? instead of equal=? for the
character comparison.

Pushed as 5a836ce38c9c29e9c2bd306007347486b90c5064.
[Message part 5 (message/rfc822, inline)]
From: Jack Hill <jackhill <at> jackhill.us>
To: guix-patches <at> gnu.org
Subject: expat-2.2.7 for CVE-2018-20843
Date: Fri, 28 Jun 2019 15:56:42 -0400 (EDT)
Hi Guix,

Sebastian Pipping recently wrote to guix-devel@ about expat-2.2.7 which 
fixes CVE-2018-20843 [0]. I've prepared the forthcoming patch to add a 
replacement for expat with expat-2.2.7. I also changed the origin to use 
the GitHub hosted tarball as upstream is moving in that direction.

[0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843

Best,
Jack



This bug report was last modified 5 years and 317 days ago.