unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052)
@ 2016-01-29  6:01 Leo Famulari
  2016-01-29  6:01 ` [PATCH 1/1] gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052] Leo Famulari
  2016-01-29  7:41 ` [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052) Efraim Flashner
  0 siblings, 2 replies; 5+ messages in thread
From: Leo Famulari @ 2016-01-29  6:01 UTC (permalink / raw)
  To: guix-devel

This patch updates harfbuzz to 1.0.6, fixing CVE-2016-2052 [0].

However, 587 packages depend on harfbuzz [1]. Where should the patch be
applied?

[0]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052

[1]
Building the following 199 packages would ensure 388 dependent packages 
are rebuilt: avidemux-2.6.10 python-pyqt-5.5 pumpa-0.9.1 
owncloud-client-2.1.0 powertabeditor-2.0.0-alpha8 lxqt-session-0.9.0 
lxqt-common-0.9.1 tiled-0.13.1 bitcoin-core-0.11.0 fritzing-0.9.2b 
i3-wm-4.10.3 xnee-3.19 racket-6.2.1 sawfish-1.11 lxtask-0.1.6 
lxrandr-0.3.0 lxappearance-0.6.1 pcmanfm-1.2.3 
ruby-atoulme-antwrap-0.7.5 htsjdk-1.129 sra-tools-2.5.4 icedtea-1.13.9 
arandr-0.1.8 wicd-1.7.3 gourmet-0.17.4 gajim-0.16.5 pspp-0.8.5 
gpscorrelate-1.6.1.365f6e1b3f pinentry-0.9.6 xournal-0.4.8 
lxterminal-0.2.0 gkrellm-2.3.5 geeqie-1.1 geda-gaf-1.8.2 
dvdisaster-0.72.6 hydrogen-0.9.5.1 qsynth-0.4.0 calf-0.0.60 ir-1.3.2 
gnubik-2.4.2 pcb-20140316 jalv-1.4.6 azr3-1.2.3 patchage-1.0.0 
ardour-4.4 gst-plugins-ugly-1.6.1 guix-0.9.0.f888c0b scribus-1.5.0 
skribilo-0.9.3 a2ps-4.14 emacs-w3m-1.4.538+0.20141022 calibre-2.48.0 
orpheus-1.6 ripperx-2.8.0 emms-4.0 abcde-2.7 cereal-1.1.2 soprano-2.9.4 
vmpk-0.6.2a ncmpc-0.24 mpd-mpc-0.27 mpdscribble-0.22 ncmpcpp-0.6.7 
pidgin-otr-4.0.1 libdbusmenu-qt-0.9.2 libstdc++-doc-5.3.0 
libstdc++-doc-4.9.3 manaplus-1.6.1.16 love-0.10.0 wayland-1.9.0 
fish-2.2.0 openbox-3.5.2 gmtp-1.3.9 tuxguitar-1.2 
conkeror-1.0pre1.20150730 lablgtk-2.18.3 gnubg-1.02 inklingreader-0.8 
gxmessage-3.4.3 zathura-cb-0.1.4 zathura-ps-0.2.2 
zathura-pdf-poppler-0.2.5 zathura-djvu-0.2.4 pavucontrol-3.0 
glade-3.18.3 gnome-keyring-3.18.3 guitarix-0.34.0 devhelp-3.18.1 
hexchat-2.10.1 claws-mail-3.13.2 file-roller-3.16.4 
ibus-libpinyin-1.7.2 yelp-3.16.1 vte-0.36.5 d-feet-0.3.10 xfce-4.12.0 
gsegrafix-1.0.6 libchamplain-0.12.12 tilda-1.3.1 gnome-terminal-3.18.2 
epiphany-3.18.2 evince-3.18.1 gedit-3.18.1 shotwell-0.22.0 
rhythmbox-3.2.1 gnome-session-3.18.1.2 seahorse-3.18.0 
nestopia-ue-1.46.2 gamine-1.4 sfxr-1.2.1 fcitx-4.2.8.6 
transmission-2.84 guile-present-0.3.0 eog-3.18.1 gnome-shell-3.18.3 
gnome-themes-standard-3.18.0 totem-3.18.1 gnome-mines-3.18.2 
key-mon-1.17 gnucash-2.6.9 aisleriot-3.18.2 gnumeric-1.12.24 
gnome-klotski-3.18.2 xboard-4.8.0 fvwm-2.6.5 
guile-emacs-20150512.41120e0 emacs-no-x-toolkit-24.5 hop-2.4.0 
patches-0.0.26d7dbc emacs-debbugs-0.7 emacs-butler-0.2.4 
magit-svn-2.1.1 emacs-typo-1.1 emacs-flycheck-0.23 
emacs-ob-ipython-20150704.8807064693 emacs-auctex-11.88.6 
emacs-undo-tree-0.6.4 abiword-2.8.6 gimp-2.8.14 wesnoth-1.12.4 
mplayer-1.2 obs-0.12.4 cmus-2.7.1 mpd-0.19.10 strigi-0.7.8 
gst-libav-1.6.1 guile-gnunet-0.0.383eac2 retroarch-1.2.2 audacity-2.1.0 
kodi-15.2 gvfs-1.26.2 python-numexpr-2.4.4 python-statsmodels-0.6.1 
python-scikit-learn-0.16.1 python-seaborn-0.5.1 python-h5py-2.4.0 
python-scikit-image-0.11.3 idr-2.0.0 python-biopython-1.66 
python2-ipython-3.2.1 python2-numexpr-2.4.4 libreoffice-5.0.3.2 
rseqc-2.6.1 macs-2.1.0.20140616 seqmagick-0.6.1 crossmap-0.2.1 
python-ipython-3.2.1 python2-statsmodels-0.6.1 
python2-scikit-image-0.11.3 python2-seaborn-0.5.1 couger-1.8.2 
python2-warpedlmm-0.21 deeptools-1.5.11 grit-2.0.2 
pbtranscript-tofu-2.2.3.8f5467fe6 clipper-0.3.0 miso-0.5.3 
asymptote-2.35 proof-general-4.2 unison-2.48.3 fastcap-2.0-18Sep92 
simple-scan-3.17.4 hydra-20150407.4c0e3e4 enblend-enfuse-4.1.3 
wxmaxima-15.04.0 flann-1.8.4 shogun-4.0.0 xsensors-0.70 mpv-0.15.0 
gerbv-2.6.1 frescobaldi-2.18.1 solfege-3.22.2 dunst-1.1.0 
synfigstudio-1.0.2 terminology-0.9.1 emotion-generic-players-1.16.0 

Leo Famulari (1):
  gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052].

 gnu/packages/gtk.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.6.3

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-01-29  8:04 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-01-29  6:01 [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052) Leo Famulari
2016-01-29  6:01 ` [PATCH 1/1] gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052] Leo Famulari
2016-01-29  8:02   ` Mark H Weaver
2016-01-29  7:41 ` [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052) Efraim Flashner
2016-01-29  8:04   ` Leo Famulari

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).