unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH 0/1] libyaml: Fix CVE-2014-9130.
@ 2016-05-29  0:27 Leo Famulari
  2016-05-29  0:27 ` [PATCH 1/1] gnu: " Leo Famulari
  2016-05-29 22:15 ` [PATCH 0/1] " Ludovic Courtès
  0 siblings, 2 replies; 3+ messages in thread
From: Leo Famulari @ 2016-05-29  0:27 UTC (permalink / raw)
  To: guix-devel

This is a cherry-picked upstream commit [0] that fixes CVE-2014-9130 [1].

Debian used the same patch. You can find it by clicking on VCS here:
https://tracker.debian.org/pkg/libyaml

I don't link directly to that VCS because the repo is on the
maintainer's domain, so you should follow the link from Debian's domain
yourself.

[0]
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2

[1]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

Leo Famulari (1):
  gnu: libyaml: Fix CVE-2014-9130.

 gnu/local.mk                                     |  1 +
 gnu/packages/patches/libyaml-CVE-2014-9130.patch | 30 ++++++++++++++++++++++++
 gnu/packages/web.scm                             |  3 ++-
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/libyaml-CVE-2014-9130.patch

-- 
2.8.3

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-05-29 22:15 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-29  0:27 [PATCH 0/1] libyaml: Fix CVE-2014-9130 Leo Famulari
2016-05-29  0:27 ` [PATCH 1/1] gnu: " Leo Famulari
2016-05-29 22:15 ` [PATCH 0/1] " Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).