GNU bug report logs - #48612
Expat "billion laughs attack" vulnerability (CVE-2013-0340)

Package: guix;

Reported by: Marius Bakke <marius <at> gnu.org>

Date: Sun, 23 May 2021 15:16:01 UTC

Severity: normal

Tags: security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.


Message #18 received at 48612-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Marius Bakke <marius <at> gnu.org>
Cc: 48612-done <at> debbugs.gnu.org
Subject: Re: bug#48612: Expat "billion laughs attack" vulnerability
 (CVE-2013-0340)
Date: Wed, 2 Jun 2021 23:16:29 -0400
On Mon, May 24, 2021 at 01:06:47PM -0400, Leo Famulari wrote:
> I think it's okay to graft it. The distro is big enough that there will
> always be some grafted packages. However, I'd like to try ungrafting at
> regular periods; based on the current ungrafting build cycle, monthly
> may be reasonable.

I updated your patch to use expat 2.4.1 and pushed as
6d71f6a73cd27d61d3302b9658893428af6314d2

This bug report was last modified 3 years and 353 days ago.
