From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54768)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fMw0o-0005pf-2g
	for guix-patches@gnu.org; Sun, 27 May 2018 09:47:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fMw0l-0006df-0c
	for guix-patches@gnu.org; Sun, 27 May 2018 09:47:06 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:42356)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1fMw0k-0006dG-T2
	for guix-patches@gnu.org; Sun, 27 May 2018 09:47:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fMw0k-0004MB-ES
	for guix-patches@gnu.org; Sun, 27 May 2018 09:47:02 -0400
Subject: [bug#31487] [PATCH] gnu: Add upx.
Resent-Message-ID: <handler.31487.B31487.152742881816737@debbugs.gnu.org>
References: <20180517225109.12033-1-ambrevar@gmail.com>
	<87lgc6yy1t.fsf@gnu.org>
From: Pierre Neidhardt <ambrevar@gmail.com>
In-reply-to: <87lgc6yy1t.fsf@gnu.org>
Date: Sun, 27 May 2018 15:46:48 +0200
Message-ID: <87muwli52v.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 31487@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> There=E2=80=99s one issue left though:
>
>   $ ./pre-inst-env guix lint upx
>   gnu/packages/compression.scm:2179:2: upx@3.94: probably vulnerable to C=
VE-2017-15056, CVE-2017-16869
>
> Could you check whether patches are available for these?  Better be safe
> than sorry!

Indeed they are.
They are not on the master branch though, only devel I think.
So what's the protocol here?  Shall we cherry-pick the fixing commits or
get latest devel?

=2D-=20
Pierre Neidhardt

The day advanced as if to light some work of mine; it was morning,
and lo! now it is evening, and nothing memorable is accomplished.
		-- H.D. Thoreau

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEUPM+LlsMPZAEJKvom9z0l6S7zH8FAlsKtsgACgkQm9z0l6S7
zH/smgf9EWLiEL7tO6LGmtd86EjQmaBM3+0L/AUY6x5Yuwr2kp5s7qJTJS9DKgdU
GCNuEJHbiLEogdJD5mjl+hXfOs5Z7ZdyKUIousuuHJjfsvyXUWZ29zHDMGchN2x3
XBUGfk0znTs1kQyPgsMSiWeiTd5tg+M0o8ocitLkwThcGQdNq8pigsOKxt/ZYgpI
pHYC2d28ZseN/ZHx6qk435DNNmJOPtO40kkd56VIAZgKbeEwpObt5HmKa94ONkuy
5VUzcj9HM09azwhlUsTqVvVQY1TMqTzdEHr7Rw4NhHWD9ahPgeDmzLVwyDB1BQ+6
o3MacNjo10MGiN5HYpmRKgcPk+xGrw==
=BTua
-----END PGP SIGNATURE-----
--=-=-=--