GNU bug report logs - #65482
[PATCH 0/3] gnu: racket: Update to 8.10.

Package: guix-patches;

Reported by: Philip McGrath <philip <at> philipmcgrath.com>

Date: Thu, 24 Aug 2023 00:06:01 UTC

Severity: normal

Tags: patch

Done: Efraim Flashner <efraim <at> flashner.co.il>

Bug is archived. No further changes may be made.

From: Philip McGrath <philip <at> philipmcgrath.com>
To: 65482 <at> debbugs.gnu.org
Cc: Tim Johann <t1m <at> phrogstar.de>, Efraim Flashner <efraim <at> flashner.co.il>
Subject: [bug#65482] [PATCH 0/3] gnu: racket: Update to 8.10.
Date: Sat, 2 Sep 2023 21:59:23 -0400
tags 65482 + security
quit

On 8/23/23 20:05, Philip McGrath wrote:
> Hi,
> 
> In addition to updating Racket to 8.10, this patch series backports fixes
> merged upstream for rktboot on architectures other than x86_64 and removes
> a corresponding workaround from the Guix packaging.
> 
> Efraim and Tim, I'm CC'ing you because of your recent patches for rktboot on
> aarch64 and riscv64: it would be great if you could confirm that this series
> works on those architectures. It would also be useful to test powerpc64le,
> especially since it is supported via 'pbarch', which takes some different
> branches.
> 

Apparently Racket 8.10 fixes a notable security vulnerability related to 
module path parsing. There's an initial post at 
<https://github.com/racket/racket/issues/4731>, but they're not 
publishing the details of how to exploit the vulnerability until more 
people have had a chance to upgrade. (I don't think I fully understand 
the implications of the issue myself.)

Also, Tim, thanks for testing! I seem not to have gotten your mail, but 
I saw it on the tracker just now.

Philip

This bug report was last modified 1 year and 334 days ago.
