unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Re: [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431}.
@ 2019-01-03 13:12 ` Alex Vong
  2019-01-03 19:29   ` [bug#33933] [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430, 20431} Leo Famulari
  0 siblings, 1 reply; 2+ messages in thread
From: Alex Vong @ 2019-01-03 13:12 UTC (permalink / raw)
  To: guix-devel; +Cc: 33933

[-- Attachment #1: Type: text/plain, Size: 428 bytes --]

Hello Guix,

I sent the "gnu: libextractor: Fix CVE-2018-{20430,20431}." patch to
https://debbugs.gnu.org/33933 three days ago. libextractor is needed to
build gnunet, so these fixes are important for gnunet users [I am not
(yet) a user though]. Only the first two patches are directly related,
the rest updates various gnunet-related packages.

Btw, for security fixes, how long should I wait before I ping here?

Thanks,
Alex

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [bug#33933] [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430, 20431}.
  2019-01-03 13:12 ` [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431} Alex Vong
@ 2019-01-03 19:29   ` Leo Famulari
  0 siblings, 0 replies; 2+ messages in thread
From: Leo Famulari @ 2019-01-03 19:29 UTC (permalink / raw)
  To: Alex Vong; +Cc: guix-devel, 33933

[-- Attachment #1: Type: text/plain, Size: 395 bytes --]

On Thu, Jan 03, 2019 at 09:12:35PM +0800, Alex Vong wrote:
> Btw, for security fixes, how long should I wait before I ping here?

If you are confident in the fix, it's fine to go ahead and commit if
there is no review. Otherwise, a day or two is probably fine. If the
vulnerability is particularly severe, you could send a reminder to
<guix-security@gnu.org>, or email the maintainers directly.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-01-03 19:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <87pntihaht.fsf@gmail.com>
2019-01-03 13:12 ` [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431} Alex Vong
2019-01-03 19:29   ` [bug#33933] [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430, 20431} Leo Famulari

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).