* Re: [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431}.
@ 2019-01-03 13:12 ` Alex Vong
2019-01-03 19:29 ` [bug#33933] [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430, 20431} Leo Famulari
0 siblings, 1 reply; 2+ messages in thread
From: Alex Vong @ 2019-01-03 13:12 UTC (permalink / raw)
To: guix-devel; +Cc: 33933
[-- Attachment #1: Type: text/plain, Size: 428 bytes --]
Hello Guix,
I sent the "gnu: libextractor: Fix CVE-2018-{20430,20431}." patch to
https://debbugs.gnu.org/33933 three days ago. libextractor is needed to
build gnunet, so these fixes are important for gnunet users [I am not
(yet) a user though]. Only the first two patches are directly related,
the rest updates various gnunet-related packages.
Btw, for security fixes, how long should I wait before I ping here?
Thanks,
Alex
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bug#33933] [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430, 20431}.
2019-01-03 13:12 ` [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431} Alex Vong
@ 2019-01-03 19:29 ` Leo Famulari
0 siblings, 0 replies; 2+ messages in thread
From: Leo Famulari @ 2019-01-03 19:29 UTC (permalink / raw)
To: Alex Vong; +Cc: guix-devel, 33933
[-- Attachment #1: Type: text/plain, Size: 395 bytes --]
On Thu, Jan 03, 2019 at 09:12:35PM +0800, Alex Vong wrote:
> Btw, for security fixes, how long should I wait before I ping here?
If you are confident in the fix, it's fine to go ahead and commit if
there is no review. Otherwise, a day or two is probably fine. If the
vulnerability is particularly severe, you could send a reminder to
<guix-security@gnu.org>, or email the maintainers directly.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-01-03 19:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <87pntihaht.fsf@gmail.com>
2019-01-03 13:12 ` [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431} Alex Vong
2019-01-03 19:29 ` [bug#33933] [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430, 20431} Leo Famulari
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).