GNU bug report logs - #47144
security patching of 'patch' package

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Sun, 14 Mar 2021 21:39:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: 47144 <at> debbugs.gnu.org
Cc: lle-bout <at> zaclys.net
Subject: bug#47144: [PATCH 1/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes].
Date: Thu, 18 Mar 2021 22:58:56 +0100

Hi,

Léo Le Bouter via Bug reports for GNU Guix <bug-guix <at> gnu.org> skribis:

> * gnu/packages/base.scm (patch/fixed): New variable.
> (patch)[replacement]: Graft.

It’s (almost) useless to provide a graft of ‘patch’ because patch is
usually a build-time only dependency.  (Maybe we can tell it’s not
vulnerable to the issues at hand because in that context it’s always
given controlled input: the package patches.)

What could be useful is to provide a second version of patch so that
people running ‘guix install patch’ or similar get the newer version.

HTH,
Ludo’.

This bug report was last modified 333 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47144 security patching of 'patch' package

GNU bug report logs - #47144
security patching of 'patch' package