On Mon, Nov 28, 2016 at 10:06:41PM -0500, Leo Famulari wrote:
> On Mon, Nov 28, 2016 at 09:30:53PM +0200, Efraim Flashner wrote:
> > The previous patch somehow stopped working for me, and I was getting
> > complaints about unbound variable cairo/fixed, so I rewrote the patch to
> > have every cairo use the patch separately.
> 
> Thanks for taking on this tricky bug fix!
> 
> > diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch
> 
> Please add a link to the patch source in the patch file. I know it can
> be found in the linked bug report, but it does help readers to be
> explicit, in my opinion.
> 
> Otherwise LGTM.
> 
> The patch is not in the cairo repo yet, AFAICT:
> 
> https://cgit.freedesktop.org/cairo/
> 
> But, Debian did use it:
> 
> https://anonscm.debian.org/cgit/collab-maint/cairo.git/tree/debian/patches/07_CVE-2016-9082.patch
> 
> Can you follow the upstream resolution of the bug in case they decide to
> use a different patch?

sure



-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted