GNU bug report logs - #53545
[PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 26 Jan 2022 05:26:01 UTC

Severity: important

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 53545 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 53545 <at> debbugs.gnu.org
Subject: Re: bug#53545: [PATCH] gnu: util-linux: Fix CVE-2021-3995 and
 CVE-2021-3996.
Date: Wed, 26 Jan 2022 12:22:57 +0100

Hi Leo,

Leo Famulari <leo <at> famulari.name> skribis:

> * gnu/packages/patches/util-linux-CVE-2021-3995.patch,
> gnu/packages/patches/util-linux-CVE-2021-3996.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/linux.scm (util-linux)[replacement]: New field.
> (util-linux/fixed): New variable.

[...]

> +      (source (origin
> +                (inherit (package-source util-linux))
> +                (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
> +                                 (search-patches "util-linux-CVE-2021-3996.patch")

You can have (search-patches patch1 patch2).

Otherwise LGTM, thanks a lot for the quick fix!

Ludo’.

This bug report was last modified 3 years and 117 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #53545 [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.

GNU bug report logs - #53545
[PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.