GNU bug report logs - #48656
[PATCH] gnu: lz4: Add a patch for CVE-2021-3520.

Previous Next

Package: guix-patches;

Reported by: Solene Rapenne <solene <at> perso.pw>

Date: Tue, 25 May 2021 18:25:01 UTC

Severity: normal

Tags: patch

Full log


View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: 48656 <at> debbugs.gnu.org
Subject: [bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.
Date: Tue, 25 May 2021 15:07:05 -0400
On Tue, May 25, 2021 at 08:24:07PM +0200, Solene Rapenne via Guix-patches via wrote:
> This imports a patch that is not committed upstream yet
> but pending for merge on github
> 
> https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
> 
> This is already widely used in many distributions distributing lz4
> 
> ---
>  gnu/packages/compression.scm                 |  7 +++++--
>  gnu/packages/patches/lz4-CVE-2021-3520.patch | 15 +++++++++++++++

When adding a new patch file, you have to register it in 'gnu/local.mk'.

Is there any discussion about this upstream? Why isn't it included in
lz4 yet?




This bug report was last modified 2 years and 19 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.