From mboxrd@z Thu Jan  1 00:00:00 1970
From: Danny Milosavljevic <dannym@scratchpost.org>
Subject: Re: Unpatched security flaws in GNU IceCat 38
Date: Thu, 4 Aug 2016 09:16:18 +0200
Message-ID: <20160804091618.51a4ee68@scratchpost.org>
References: <87lh0dz106.fsf@netris.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:40902)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dannym@scratchpost.org>) id 1bVCtE-0006IZ-Td
	for guix-devel@gnu.org; Thu, 04 Aug 2016 03:16:26 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dannym@scratchpost.org>) id 1bVCtB-0006Yb-Kt
	for guix-devel@gnu.org; Thu, 04 Aug 2016 03:16:24 -0400
Received: from dd1012.kasserver.com ([85.13.128.8]:47268)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dannym@scratchpost.org>) id 1bVCtB-0006YN-Dr
	for guix-devel@gnu.org; Thu, 04 Aug 2016 03:16:21 -0400
In-Reply-To: <87lh0dz106.fsf@netris.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>, guix-devel@gnu.org

Hi Mark,

On Wed, 03 Aug 2016 23:06:17 -0400
Mark H Weaver <mhw@netris.org> wrote:

> I'm sorry to report that GNU IceCat 38 can no longer be safely used, due
> to critical security flaws that are believed to allow remote code
> execution.  I was unable to backport upstream fixes from 45.3 to 38.
>=20
> Until IceCat 45.3 is available, I recommend that you use Epiphany.

Thanks for the heads-up!

However:

$ guix package -i epiphany --keep-failed
[...]
Downloading invm90=E2=80=A6-epiphany-3.20.1 (9.3MiB installed)...
 epiphany-3.20.1                            734KiB/s 00:04 | 2.6MiB transfe=
rred
grafting '/gnu/store/da02rjcnykk7nxq2819paqp6cs7w5caf-libwnck-3.14.1' -> '/=
gnu/store/bvjs813j4jmpdlm4q6gcjj65lwkfbipy-libwnck-3.14.1'...
ERROR: In procedure char-set-contains?: Wrong type argument in position 2 (=
expecting character): note: keeping build directory `/tmp/guix-build-libwnc=
k-3.14.1.drv-0'
builder for `/gnu/store/1x5zl6wssilbdpmadmxzp14qv7rjapv9-libwnck-3.14.1.drv=
' failed due to signal 11 (Segmentation fault)
cannot build derivation `/gnu/store/9zihnrz2q6vdkw6kgskdl8pzjwn2kqdz-epipha=
ny-3.20.1.drv': 1 dependencies couldn't be built