GNU bug report logs - #40979
[PATCH] gnu: libntlm: Update to 1.6 [fixes CVE-2019-17455].

Previous Next

Package: guix-patches;

Reported by: Simon Josefsson <simon <at> josefsson.org>

Date: Thu, 30 Apr 2020 09:07:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 40979 in the body.
You can then email your comments to 40979 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#40979; Package guix-patches. (Thu, 30 Apr 2020 09:07:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Simon Josefsson <simon <at> josefsson.org>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 30 Apr 2020 09:07:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Simon Josefsson <simon <at> josefsson.org>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: libntlm: Update to 1.6 [fixes CVE-2019-17455].
Date: Thu, 30 Apr 2020 11:05:34 +0200

[Message part 1 (text/plain, inline)]
Hi!  See attached patch.

/Simon

[0001-gnu-libntlm-Update-to-1.6-fixes-CVE-2019-17455.patch (text/x-diff, inline)]
From ecab0779f6a4dbac5de1f8a587af3c40a93cf294 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon <at> josefsson.org>
Date: Thu, 30 Apr 2020 11:02:08 +0200
Subject: [PATCH] gnu: libntlm: Update to 1.6 [fixes CVE-2019-17455].

* gnu/packages/gsasl.scm (libntlm): Update to 1.8.1.
---
 gnu/packages/gsasl.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/gsasl.scm b/gnu/packages/gsasl.scm
index a796f9aa82..98acc3c756 100644
--- a/gnu/packages/gsasl.scm
+++ b/gnu/packages/gsasl.scm
@@ -35,14 +35,14 @@
 (define-public libntlm
   (package
     (name "libntlm")
-    (version "1.5")
+    (version "1.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.nongnu.org/libntlm/releases/"
                                   "libntlm-" version ".tar.gz"))
               (sha256
                (base32
-                "1gcvv7f9rggpxay81qv6kw5hr6gd4qiyzkbwhzz02fx9jvv9kmsk"))))
+                "08b83nss16jsn213j326yhn1vnrz10k15fwq6jm5b1vdn23nndzj"))))
     (build-system gnu-build-system)
     (synopsis "Library that implements NTLM authentication")
     (description
-- 
2.20.1


[signature.asc (application/pgp-signature, inline)]
Information forwarded to guix-patches <at> gnu.org:
bug#40979; Package guix-patches. (Thu, 30 Apr 2020 14:54:01 GMT) Full text and rfc822 format available.

Message #8 received at 40979 <at> debbugs.gnu.org (full text, mbox):

From: Simon Josefsson <simon <at> josefsson.org>
To: 40979 <at> debbugs.gnu.org
Subject: Re: bug#40979: Acknowledgement ([PATCH] gnu: libntlm: Update to 1.6
 [fixes CVE-2019-17455].)
Date: Thu, 30 Apr 2020 16:53:20 +0200

[Message part 1 (text/plain, inline)]
Sorry there was a typo in the commit log in the last patch.  Please use
the attached file instead.

/Simon


[0001-gnu-libntlm-Update-to-1.6-fixes-CVE-2019-17455.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Thu, 30 Apr 2020 16:52:02 GMT) Full text and rfc822 format available.
Notification sent to Simon Josefsson <simon <at> josefsson.org>:
bug acknowledged by developer. (Thu, 30 Apr 2020 16:52:02 GMT) Full text and rfc822 format available.

Message #13 received at 40979-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Simon Josefsson <simon <at> josefsson.org>
Cc: 40979-done <at> debbugs.gnu.org
Subject: Re: [bug#40979] Acknowledgement ([PATCH] gnu: libntlm: Update to 1.6
 [fixes CVE-2019-17455].)
Date: Thu, 30 Apr 2020 12:51:18 -0400

[Message part 1 (text/plain, inline)]
On Thu, Apr 30, 2020 at 04:53:20PM +0200, Simon Josefsson via Guix-patches via wrote:
> From ecab0779f6a4dbac5de1f8a587af3c40a93cf294 Mon Sep 17 00:00:00 2001
> From: Simon Josefsson <simon <at> josefsson.org>
> Date: Thu, 30 Apr 2020 11:02:08 +0200
> Subject: [PATCH] gnu: libntlm: Update to 1.6 [fixes CVE-2019-17455].
> 
> * gnu/packages/gsasl.scm (libntlm): Update to 1.6.

Thanks! Pushed as 194cb75d85a2d282419b2a618c8e124f140859f3

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 29 May 2020 11:24:07 GMT) Full text and rfc822 format available.
This bug report was last modified 5 years and 26 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.