From: Leo Famulari <leo@famulari.name>
To: guix-devel@gnu.org
Subject: [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052)
Date: Fri, 29 Jan 2016 01:01:19 -0500 [thread overview]
Message-ID: <cover.1454047197.git.leo@famulari.name> (raw)
This patch updates harfbuzz to 1.0.6, fixing CVE-2016-2052 [0].
However, 587 packages depend on harfbuzz [1]. Where should the patch be
applied?
[0]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052
[1]
Building the following 199 packages would ensure 388 dependent packages
are rebuilt: avidemux-2.6.10 python-pyqt-5.5 pumpa-0.9.1
owncloud-client-2.1.0 powertabeditor-2.0.0-alpha8 lxqt-session-0.9.0
lxqt-common-0.9.1 tiled-0.13.1 bitcoin-core-0.11.0 fritzing-0.9.2b
i3-wm-4.10.3 xnee-3.19 racket-6.2.1 sawfish-1.11 lxtask-0.1.6
lxrandr-0.3.0 lxappearance-0.6.1 pcmanfm-1.2.3
ruby-atoulme-antwrap-0.7.5 htsjdk-1.129 sra-tools-2.5.4 icedtea-1.13.9
arandr-0.1.8 wicd-1.7.3 gourmet-0.17.4 gajim-0.16.5 pspp-0.8.5
gpscorrelate-1.6.1.365f6e1b3f pinentry-0.9.6 xournal-0.4.8
lxterminal-0.2.0 gkrellm-2.3.5 geeqie-1.1 geda-gaf-1.8.2
dvdisaster-0.72.6 hydrogen-0.9.5.1 qsynth-0.4.0 calf-0.0.60 ir-1.3.2
gnubik-2.4.2 pcb-20140316 jalv-1.4.6 azr3-1.2.3 patchage-1.0.0
ardour-4.4 gst-plugins-ugly-1.6.1 guix-0.9.0.f888c0b scribus-1.5.0
skribilo-0.9.3 a2ps-4.14 emacs-w3m-1.4.538+0.20141022 calibre-2.48.0
orpheus-1.6 ripperx-2.8.0 emms-4.0 abcde-2.7 cereal-1.1.2 soprano-2.9.4
vmpk-0.6.2a ncmpc-0.24 mpd-mpc-0.27 mpdscribble-0.22 ncmpcpp-0.6.7
pidgin-otr-4.0.1 libdbusmenu-qt-0.9.2 libstdc++-doc-5.3.0
libstdc++-doc-4.9.3 manaplus-1.6.1.16 love-0.10.0 wayland-1.9.0
fish-2.2.0 openbox-3.5.2 gmtp-1.3.9 tuxguitar-1.2
conkeror-1.0pre1.20150730 lablgtk-2.18.3 gnubg-1.02 inklingreader-0.8
gxmessage-3.4.3 zathura-cb-0.1.4 zathura-ps-0.2.2
zathura-pdf-poppler-0.2.5 zathura-djvu-0.2.4 pavucontrol-3.0
glade-3.18.3 gnome-keyring-3.18.3 guitarix-0.34.0 devhelp-3.18.1
hexchat-2.10.1 claws-mail-3.13.2 file-roller-3.16.4
ibus-libpinyin-1.7.2 yelp-3.16.1 vte-0.36.5 d-feet-0.3.10 xfce-4.12.0
gsegrafix-1.0.6 libchamplain-0.12.12 tilda-1.3.1 gnome-terminal-3.18.2
epiphany-3.18.2 evince-3.18.1 gedit-3.18.1 shotwell-0.22.0
rhythmbox-3.2.1 gnome-session-3.18.1.2 seahorse-3.18.0
nestopia-ue-1.46.2 gamine-1.4 sfxr-1.2.1 fcitx-4.2.8.6
transmission-2.84 guile-present-0.3.0 eog-3.18.1 gnome-shell-3.18.3
gnome-themes-standard-3.18.0 totem-3.18.1 gnome-mines-3.18.2
key-mon-1.17 gnucash-2.6.9 aisleriot-3.18.2 gnumeric-1.12.24
gnome-klotski-3.18.2 xboard-4.8.0 fvwm-2.6.5
guile-emacs-20150512.41120e0 emacs-no-x-toolkit-24.5 hop-2.4.0
patches-0.0.26d7dbc emacs-debbugs-0.7 emacs-butler-0.2.4
magit-svn-2.1.1 emacs-typo-1.1 emacs-flycheck-0.23
emacs-ob-ipython-20150704.8807064693 emacs-auctex-11.88.6
emacs-undo-tree-0.6.4 abiword-2.8.6 gimp-2.8.14 wesnoth-1.12.4
mplayer-1.2 obs-0.12.4 cmus-2.7.1 mpd-0.19.10 strigi-0.7.8
gst-libav-1.6.1 guile-gnunet-0.0.383eac2 retroarch-1.2.2 audacity-2.1.0
kodi-15.2 gvfs-1.26.2 python-numexpr-2.4.4 python-statsmodels-0.6.1
python-scikit-learn-0.16.1 python-seaborn-0.5.1 python-h5py-2.4.0
python-scikit-image-0.11.3 idr-2.0.0 python-biopython-1.66
python2-ipython-3.2.1 python2-numexpr-2.4.4 libreoffice-5.0.3.2
rseqc-2.6.1 macs-2.1.0.20140616 seqmagick-0.6.1 crossmap-0.2.1
python-ipython-3.2.1 python2-statsmodels-0.6.1
python2-scikit-image-0.11.3 python2-seaborn-0.5.1 couger-1.8.2
python2-warpedlmm-0.21 deeptools-1.5.11 grit-2.0.2
pbtranscript-tofu-2.2.3.8f5467fe6 clipper-0.3.0 miso-0.5.3
asymptote-2.35 proof-general-4.2 unison-2.48.3 fastcap-2.0-18Sep92
simple-scan-3.17.4 hydra-20150407.4c0e3e4 enblend-enfuse-4.1.3
wxmaxima-15.04.0 flann-1.8.4 shogun-4.0.0 xsensors-0.70 mpv-0.15.0
gerbv-2.6.1 frescobaldi-2.18.1 solfege-3.22.2 dunst-1.1.0
synfigstudio-1.0.2 terminology-0.9.1 emotion-generic-players-1.16.0
Leo Famulari (1):
gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052].
gnu/packages/gtk.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.6.3
next reply other threads:[~2016-01-29 6:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-29 6:01 Leo Famulari [this message]
2016-01-29 6:01 ` [PATCH 1/1] gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052] Leo Famulari
2016-01-29 8:02 ` Mark H Weaver
2016-01-29 7:41 ` [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052) Efraim Flashner
2016-01-29 8:04 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1454047197.git.leo@famulari.name \
--to=leo@famulari.name \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).