From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: Re: [PATCH 0/1] Curl security update (CVE-2016-0755) Date: Thu, 28 Jan 2016 18:28:05 +0100 Message-ID: <20160128172805.GA3975@debian> References: <20160127200345.GA3999@debian> <20160127223058.GA14947@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:60987) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aOqMi-0004hr-Un for guix-devel@gnu.org; Thu, 28 Jan 2016 12:28:17 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aOqMd-0002cJ-UN for guix-devel@gnu.org; Thu, 28 Jan 2016 12:28:16 -0500 Received: from mailrelay7.public.one.com ([91.198.169.215]:16091) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aOqMd-0002c9-6l for guix-devel@gnu.org; Thu, 28 Jan 2016 12:28:11 -0500 Content-Disposition: inline In-Reply-To: <20160127223058.GA14947@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Leo Famulari Cc: guix-devel@gnu.org On Wed, Jan 27, 2016 at 05:30:58PM -0500, Leo Famulari wrote: > Civodul and mark_weaver discussed how best to apply it on #guix. I think > the plan is to build it in a branch with tomorrow's OpenSSL security > update. Very well. Some garbage managed to crawl into the commit message: gnu: curl: Update to 7.47.0 [fixes CVE-2016-0755]. To: guix-devel@gnu.org Date: Wed, 27 Jan 2016 13:57:23 -0500 (19 hours, 58 minutes, 42 seconds ago) * gnu/packages/curl.scm (curl): Update to 7.47.0. So once the branch is built, I would suggest to not merge it back into master, but instead to cherry-pick the two commits and to fix the commit message for curl. Thanks for all this important work! Andreas