From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: Re: [PATCH] gnu: lcms: Update to 2.8. Date: Thu, 09 Feb 2017 15:13:01 +0100 Message-ID: <8760kjv4eq.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> References: <87k28zmv50.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55045) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cbpTA-0001mR-Di for guix-devel@gnu.org; Thu, 09 Feb 2017 09:13:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cbpT6-0000qF-DK for guix-devel@gnu.org; Thu, 09 Feb 2017 09:13:08 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:56349) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cbpT6-0000pS-42 for guix-devel@gnu.org; Thu, 09 Feb 2017 09:13:04 -0500 In-Reply-To: <87k28zmv50.fsf@gmail.com> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Alex Vong , guix-devel@gnu.org --=-=-= Content-Type: text/plain Alex Vong writes: > Hi, > > This patch update lcms to 2.8: Thank you for this! > Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch' > fixed has been assigned CVE-2016-10165 according to [0], should we > change the name of the patch? > > [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357 Good catch. Would you like to do it? Could you submit this patch against the 'core-updates' branch? LCMS causes ~1800 rebuilds which is too much for 'master'. The CVE patch has also been 'un-grafted' in core-updates, so the context will be slightly different. TIA! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAliceO0ACgkQoqBt8qM6 VPq8TQf/U7RqnuuDmstXOeMxPmox74gwQQxVNjgFrvZuxrRj4wX+tE/0I85xwxHH /1R6+/epI9H6SE3QCGlLHCbkqP8EIiV8sQ/nnt8PG2UjPF14E5ESTXCtUE17gSCP iXL+2bpWtqSNhuAGL+FgdySeo7gX9OLmERQQj2aLnSOgMJwLrV1MFJ9VBF/5Okb7 sbyEcYoF/bldwKfmzGkj8Sc5d8Bv8CYJoEwZvcwZlgt3V+KbG0XJPZdbD6gvWuqX eXkc2tjlk6OmvsavGDFC+1u+80pJ5TMuPmzbf99jPu05lqYOMIW55n80GleZKpfv HjHix5MCAd+EUgNb5v+/EwltkGrayw== =K78y -----END PGP SIGNATURE----- --=-=-=--