unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219
@ 2021-03-10 23:44 Léo Le Bouter
  2021-03-11  8:28 ` Mark H Weaver
  0 siblings, 1 reply; 4+ messages in thread
From: Léo Le Bouter @ 2021-03-10 23:44 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 507 bytes --]

Upstream does not provide fixes for the 2.62.x series so we need to
backport ourselves.

I would rather switch to upstream-supported version (2.66.x or later)
as backporting patches does not appear sustainable for us, we already
have enough on our plate.

See:
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 (CVE-2021-
27218)
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944 (CVE-2021-
27218)
- https://gitlab.gnome.org/GNOME/glib/-/issues/2319 (CVE-2021-27219)

Léo

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-11 11:47 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-10 23:44 glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219 Léo Le Bouter
2021-03-11  8:28 ` Mark H Weaver
2021-03-11 11:23   ` Mark H Weaver
2021-03-11 11:46     ` Léo Le Bouter

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).