GNU bug report logs - #73676
[PATCH] gnu: xerces-c: Update to 3.2.5. [security fixes]

Previous Next

Package: guix-patches;

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Mon, 7 Oct 2024 10:00:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 73676 in the body.
You can then email your comments to 73676 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#73676; Package guix-patches. (Mon, 07 Oct 2024 10:00:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Nicolas Graves <ngraves <at> ngraves.fr>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 07 Oct 2024 10:00:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: guix-patches <at> gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [PATCH] gnu: xerces-c: Update to 3.2.5. [security fixes]
Date: Mon,  7 Oct 2024 11:57:02 +0200

This fixes CVE-2023-37536.

* gnu/packages/xml.scm (xerces-c): Update to 3.2.5.
---
 gnu/packages/xml.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 6fa2183592..cfd53a291a 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -1516,14 +1516,14 @@ (define-public freexl
 (define-public xerces-c
   (package
     (name "xerces-c")
-    (version "3.2.3")
+    (version "3.2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://apache/xerces/c/3/sources/"
                                   "xerces-c-" version ".tar.xz"))
               (sha256
                (base32
-                "0jf1khvlssg31vkxbc25dxjxcxm56xb8nywj1sypj6hxzjlrkz0j"))))
+                "0c42jhnhq63yzvj8whl5dpzf7p1lnd6h00kzpz4ipcj5aq1ycfb2"))))
     (build-system gnu-build-system)
     (arguments
      (let ((system (or (%current-target-system)
-- 
2.46.0
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Thu, 24 Oct 2024 10:14:01 GMT) Full text and rfc822 format available.
Notification sent to Nicolas Graves <ngraves <at> ngraves.fr>:
bug acknowledged by developer. (Thu, 24 Oct 2024 10:14:01 GMT) Full text and rfc822 format available.

Message #10 received at 73676-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Nicolas Graves <ngraves <at> ngraves.fr>
Cc: 73676-done <at> debbugs.gnu.org
Subject: Re: [bug#73676] [PATCH] gnu: xerces-c: Update to 3.2.5. [security
 fixes]
Date: Thu, 24 Oct 2024 12:12:43 +0200

Nicolas Graves <ngraves <at> ngraves.fr> skribis:

> This fixes CVE-2023-37536.
>
> * gnu/packages/xml.scm (xerces-c): Update to 3.2.5.

Applied, thanks!
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 21 Nov 2024 12:24:13 GMT) Full text and rfc822 format available.
This bug report was last modified 262 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.