GNU bug report logs - #42890
[PATCH] gnu: taglib: Include patch to prevent OGG corruption.

Previous Next

Package: guix-patches;

Reported by: Pierre Langlois <pierre.langlois <at> gmx.com>

Date: Sun, 16 Aug 2020 15:49:02 UTC

Severity: normal

Tags: patch

Done: Pierre Langlois <pierre.langlois <at> gmx.com>

Bug is archived. No further changes may be made.

Full log

Message #23 received at 42890 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Pierre Langlois <pierre.langlois <at> gmx.com>
Cc: 42890 <at> debbugs.gnu.org, mail <at> brendan.scot
Subject: Re: [bug#42890] [PATCH] gnu: taglib: Include patch to prevent OGG
 corruption.
Date: Fri, 04 Sep 2020 11:32:09 +0200

Hi!

Pierre Langlois <pierre.langlois <at> gmx.com> skribis:

>>From 97a5d71bd50c72d2d7562a7d22baca04f4987657 Mon Sep 17 00:00:00 2001
> From: Pierre Langlois <pierre.langlois <at> gmx.com>
> Date: Tue, 18 Aug 2020 18:38:01 +0100
> Subject: [PATCH] gnu: taglib: Update to 1.12-beta-1.
>
> This switches to a yet unreleased version of taglib, to make sure long
> standings issues and CVEs are covered until a proper release is made upstream.
>
> Among these, we have:
>
> - CVE-2017-12678
> - CVE-2018-11439
> - https://github.com/taglib/taglib/issues/864
>
> * gnu/packges/mp3.scm (taglib): Update to 1.12-beta-1.
> [source]: Switch to using git-fetch.

It’s a good idea to add “[security fixes]” or to list CVEs in the
subject line of the commit log.

Otherwise LGTM!

You can now use your new super commit powers to push it.  :-)

Thanks,
Ludo’.
This bug report was last modified 4 years and 324 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.