GNU bug report logs - #78430
[PATCH 0/2] Fix vulnerabilities in GNU Screen

Package: guix-patches

Reported by: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Date: Wed, 14 May 2025 19:20:02 UTC

Severity: normal

Tags: patch


From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: 78430 <at> debbugs.gnu.org
Subject: [bug#78430] [PATCH 0/2] Fix vulnerabilities in GNU Screen
Date: Wed, 14 May 2025 21:16:35 +0200

Hi Guix,

as outlined in [1], the current version of GNU Screen packaged in Guix
suffers from multiple vulnerabilities.  This series first cleans up the
package style and then applies the patches that fix them.

Cheers

[1] https://www.openwall.com/lists/oss-security/2025/05/12/1

Liliana Marie Prikler (2):
  gnu: screen: Use new package style.
  gnu: screen: Fix multiple CVEs.

 gnu/local.mk                                  |   5 +
 .../patches/screen-fix-CVE-2025-233.patch     | 137 ++++++++++++++++++
 .../patches/screen-fix-CVE-2025-46802.patch   | 113 +++++++++++++++
 .../patches/screen-fix-CVE-2025-46804.patch   | 130 +++++++++++++++++
 .../patches/screen-fix-CVE-2025-46805.patch   | 115 +++++++++++++++
 .../patches/screen-fix-bad-strncpy.patch      |  60 ++++++++
 gnu/packages/screen.scm                       |  27 +++-
 7 files changed, 579 insertions(+), 8 deletions(-)
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-233.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46802.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46804.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46805.patch
 create mode 100644 gnu/packages/patches/screen-fix-bad-strncpy.patch


base-commit: 5f5d84beccc180f1b51474c0e47eb6e0d0c9175f
-- 
2.49.0





This bug report was last modified 28 days ago.
