From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052) Date: Fri, 29 Jan 2016 01:01:19 -0500 Message-ID: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:51637) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aP27g-0000qS-It for guix-devel@gnu.org; Fri, 29 Jan 2016 01:01:34 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aP27d-0007ZN-Cv for guix-devel@gnu.org; Fri, 29 Jan 2016 01:01:32 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:37503) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aP27d-0007Yx-5k for guix-devel@gnu.org; Fri, 29 Jan 2016 01:01:29 -0500 Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 65621C00016 for ; Fri, 29 Jan 2016 01:01:26 -0500 (EST) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org This patch updates harfbuzz to 1.0.6, fixing CVE-2016-2052 [0]. However, 587 packages depend on harfbuzz [1]. Where should the patch be applied? [0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052 [1] Building the following 199 packages would ensure 388 dependent packages are rebuilt: avidemux-2.6.10 python-pyqt-5.5 pumpa-0.9.1 owncloud-client-2.1.0 powertabeditor-2.0.0-alpha8 lxqt-session-0.9.0 lxqt-common-0.9.1 tiled-0.13.1 bitcoin-core-0.11.0 fritzing-0.9.2b i3-wm-4.10.3 xnee-3.19 racket-6.2.1 sawfish-1.11 lxtask-0.1.6 lxrandr-0.3.0 lxappearance-0.6.1 pcmanfm-1.2.3 ruby-atoulme-antwrap-0.7.5 htsjdk-1.129 sra-tools-2.5.4 icedtea-1.13.9 arandr-0.1.8 wicd-1.7.3 gourmet-0.17.4 gajim-0.16.5 pspp-0.8.5 gpscorrelate-1.6.1.365f6e1b3f pinentry-0.9.6 xournal-0.4.8 lxterminal-0.2.0 gkrellm-2.3.5 geeqie-1.1 geda-gaf-1.8.2 dvdisaster-0.72.6 hydrogen-0.9.5.1 qsynth-0.4.0 calf-0.0.60 ir-1.3.2 gnubik-2.4.2 pcb-20140316 jalv-1.4.6 azr3-1.2.3 patchage-1.0.0 ardour-4.4 gst-plugins-ugly-1.6.1 guix-0.9.0.f888c0b scribus-1.5.0 skribilo-0.9.3 a2ps-4.14 emacs-w3m-1.4.538+0.20141022 calibre-2.48.0 orpheus-1.6 ripperx-2.8.0 emms-4.0 abcde-2.7 cereal-1.1.2 soprano-2.9.4 vmpk-0.6.2a ncmpc-0.24 mpd-mpc-0.27 mpdscribble-0.22 ncmpcpp-0.6.7 pidgin-otr-4.0.1 libdbusmenu-qt-0.9.2 libstdc++-doc-5.3.0 libstdc++-doc-4.9.3 manaplus-1.6.1.16 love-0.10.0 wayland-1.9.0 fish-2.2.0 openbox-3.5.2 gmtp-1.3.9 tuxguitar-1.2 conkeror-1.0pre1.20150730 lablgtk-2.18.3 gnubg-1.02 inklingreader-0.8 gxmessage-3.4.3 zathura-cb-0.1.4 zathura-ps-0.2.2 zathura-pdf-poppler-0.2.5 zathura-djvu-0.2.4 pavucontrol-3.0 glade-3.18.3 gnome-keyring-3.18.3 guitarix-0.34.0 devhelp-3.18.1 hexchat-2.10.1 claws-mail-3.13.2 file-roller-3.16.4 ibus-libpinyin-1.7.2 yelp-3.16.1 vte-0.36.5 d-feet-0.3.10 xfce-4.12.0 gsegrafix-1.0.6 libchamplain-0.12.12 tilda-1.3.1 gnome-terminal-3.18.2 epiphany-3.18.2 evince-3.18.1 gedit-3.18.1 shotwell-0.22.0 rhythmbox-3.2.1 gnome-session-3.18.1.2 seahorse-3.18.0 nestopia-ue-1.46.2 gamine-1.4 sfxr-1.2.1 fcitx-4.2.8.6 transmission-2.84 guile-present-0.3.0 eog-3.18.1 gnome-shell-3.18.3 gnome-themes-standard-3.18.0 totem-3.18.1 gnome-mines-3.18.2 key-mon-1.17 gnucash-2.6.9 aisleriot-3.18.2 gnumeric-1.12.24 gnome-klotski-3.18.2 xboard-4.8.0 fvwm-2.6.5 guile-emacs-20150512.41120e0 emacs-no-x-toolkit-24.5 hop-2.4.0 patches-0.0.26d7dbc emacs-debbugs-0.7 emacs-butler-0.2.4 magit-svn-2.1.1 emacs-typo-1.1 emacs-flycheck-0.23 emacs-ob-ipython-20150704.8807064693 emacs-auctex-11.88.6 emacs-undo-tree-0.6.4 abiword-2.8.6 gimp-2.8.14 wesnoth-1.12.4 mplayer-1.2 obs-0.12.4 cmus-2.7.1 mpd-0.19.10 strigi-0.7.8 gst-libav-1.6.1 guile-gnunet-0.0.383eac2 retroarch-1.2.2 audacity-2.1.0 kodi-15.2 gvfs-1.26.2 python-numexpr-2.4.4 python-statsmodels-0.6.1 python-scikit-learn-0.16.1 python-seaborn-0.5.1 python-h5py-2.4.0 python-scikit-image-0.11.3 idr-2.0.0 python-biopython-1.66 python2-ipython-3.2.1 python2-numexpr-2.4.4 libreoffice-5.0.3.2 rseqc-2.6.1 macs-2.1.0.20140616 seqmagick-0.6.1 crossmap-0.2.1 python-ipython-3.2.1 python2-statsmodels-0.6.1 python2-scikit-image-0.11.3 python2-seaborn-0.5.1 couger-1.8.2 python2-warpedlmm-0.21 deeptools-1.5.11 grit-2.0.2 pbtranscript-tofu-2.2.3.8f5467fe6 clipper-0.3.0 miso-0.5.3 asymptote-2.35 proof-general-4.2 unison-2.48.3 fastcap-2.0-18Sep92 simple-scan-3.17.4 hydra-20150407.4c0e3e4 enblend-enfuse-4.1.3 wxmaxima-15.04.0 flann-1.8.4 shogun-4.0.0 xsensors-0.70 mpv-0.15.0 gerbv-2.6.1 frescobaldi-2.18.1 solfege-3.22.2 dunst-1.1.0 synfigstudio-1.0.2 terminology-0.9.1 emotion-generic-players-1.16.0 Leo Famulari (1): gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052]. gnu/packages/gtk.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.6.3