From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp1 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id lxubNHVJFWCNewAA0tVLHw
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 30 Jan 2021 11:56:37 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1 with LMTPS
	id 0GbfL3VJFWAnKwAAbx9fmQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 30 Jan 2021 11:56:37 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 59CB7940276
	for <larch@yhetil.org>; Sat, 30 Jan 2021 11:56:37 +0000 (UTC)
Received: from localhost ([::1]:50660 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1l5ork-0001iB-CD
	for larch@yhetil.org; Sat, 30 Jan 2021 06:56:36 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:48116)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1l5loU-0003SA-1Y
 for guix-patches@gnu.org; Sat, 30 Jan 2021 03:41:02 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:42075)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1l5loT-0001ca-QR
 for guix-patches@gnu.org; Sat, 30 Jan 2021 03:41:01 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1l5loT-0000d3-OF
 for guix-patches@gnu.org; Sat, 30 Jan 2021 03:41:01 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#46183] [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]
Resent-From: lordyuuma@gmail.com
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 30 Jan 2021 08:41:01 +0000
Resent-Message-ID: <handler.46183.B46183.16119960422373@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 46183
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ryan Prior <rprior@protonmail.com>, 46183@debbugs.gnu.org
Received: via spool by 46183-submit@debbugs.gnu.org id=B46183.16119960422373
 (code B ref 46183); Sat, 30 Jan 2021 08:41:01 +0000
Received: (at 46183) by debbugs.gnu.org; 30 Jan 2021 08:40:42 +0000
Received: from localhost ([127.0.0.1]:53621 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1l5lo9-0000cC-2R
 for submit@debbugs.gnu.org; Sat, 30 Jan 2021 03:40:41 -0500
Received: from mail-wr1-f48.google.com ([209.85.221.48]:38752)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lordyuuma@gmail.com>) id 1l5l7A-0005mh-DR
 for 46183@debbugs.gnu.org; Sat, 30 Jan 2021 02:56:17 -0500
Received: by mail-wr1-f48.google.com with SMTP id s7so8080351wru.5
 for <46183@debbugs.gnu.org>; Fri, 29 Jan 2021 23:56:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=message-id:subject:from:to:date:in-reply-to:references:user-agent
 :mime-version:content-transfer-encoding;
 bh=lhviubRXPxbXOIJF+r/fsP7kdMiOcwPjFln0REmzhJQ=;
 b=nxu1lKbHOH+3h9CnhylAAJXnX4PSOk0y65581w7rauQsFwD3sRQF8i7x2RaXlO1CKP
 tP5kJpIsSh98JPCGizEDPSVQ6o8DJ7W9GNkcJA+Yi8c8mGtI7nHocqQOEyTk4+uzcRr8
 JOB/wVajnW7zkyvor6S15ziL589r7ky3UeH95PuekiwxkWTzs1UGMwxJ4kU5yFOqyoRA
 Rm/l12y5pQz/ovc08IyXkMkUXISnhZdNdIPpKUQ4W/SFWemqaPChdYd90WSFzHn4m/lj
 T5RfCdz70nVc3eXJ/zt4UtNjHPUznTIhQ2p6R/Tnqsx0tVUIYHcbnkkYXat9FxaQNiR/
 MvgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to
 :references:user-agent:mime-version:content-transfer-encoding;
 bh=lhviubRXPxbXOIJF+r/fsP7kdMiOcwPjFln0REmzhJQ=;
 b=XZe8DlXAbBl4bfIEx3dsY2AHzEw/+jUNepfXxGT5f6wt/ESuxDV1BAyu8BvccikbwV
 hBEMajkMlsNFOWR48CbjxrktWcXh9ZykhaJL25JitYLCu/myZD07fxkivv0VTk8wwW65
 flSHXUv4kHl6oOoWJkC2pH3REwgyNk5AnDDlJH3Bp1Hs6Zz4WM5ZAWZ+B2YpnyBRq3wg
 xcA3wSpzWnv/WDxCdH88SIjF76G6kpiK4mSE0NhyA2CLu5wHD4m/SREM7t6x+pwvifA3
 n8s3QkI5x8Q1GB8OSlOrrcI9TeJtbf80HQ/HR1oa6Zz7/N4not+2H/boQJ0WWBJxBkPk
 m0Vg==
X-Gm-Message-State: AOAM530LpTc0wFwSRuWHEUkw0v27EJpUuO0mEv+o6xMeLmdGyJdW1DWl
 ZPZtJ+nxBJg8F4eW8pbBzts=
X-Google-Smtp-Source: ABdhPJzxojn3kW5asSs2S1jnZbAqCbTZpsVmvq1HzwTRxev9SfrtqycZC3UK83OIpoukJrMsfk8ymg==
X-Received: by 2002:adf:dfc7:: with SMTP id q7mr8388503wrn.153.1611993370222; 
 Fri, 29 Jan 2021 23:56:10 -0800 (PST)
Received: from nijino.local (217-149-173-242.nat.highway.telekom.at.
 [217.149.173.242])
 by smtp.gmail.com with ESMTPSA id q2sm13139133wma.6.2021.01.29.23.56.09
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 29 Jan 2021 23:56:09 -0800 (PST)
Message-ID: <b40eadd0caa5e38195e0684692814d0616fe7429.camel@gmail.com>
From: lordyuuma@gmail.com
Date: Sat, 30 Jan 2021 08:56:08 +0100
In-Reply-To: <20210130042045.16727-1-rprior@protonmail.com>
References: <20210130042045.16727-1-rprior@protonmail.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Sat, 30 Jan 2021 03:40:39 -0500
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Mailman-Approved-At: Sat, 30 Jan 2021 06:56:29 -0500
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Spam-Score: -1.25
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20161025 header.b=nxu1lKbH;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Migadu-Queue-Id: 59CB7940276
X-Spam-Score: -1.25
X-Migadu-Scanner: scn0.migadu.com
X-TUID: 7qEyjwZ5Ds8d

Hi Ryan,

Am Samstag, den 30.01.2021, 04:20 +0000 schrieb Ryan Prior:
> Hi Guix! Please review ASAP. This update fixes an exploitable heap
> overflow.
> 
> https://dev.gnupg.org/T5275
> 
> https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html

I have some good news and some bad news.  The good news is, that
according to your sources this affects only version 1.9.0, so master is
currently safe.  The bad news is, that libgcrypt has more than 10000
dependants, so an update for it should go to core-updates.

Regards,
Leo