all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [PATCH 0/1] fontconfig: CVE-2016-5384
@ 2016-08-08 22:59 Leo Famulari
  2016-08-08 22:59 ` [PATCH 1/1] gnu: fontconfig: Fix CVE-2016-5384 Leo Famulari
  2016-08-08 23:17 ` [PATCH 0/1] fontconfig: CVE-2016-5384 Mark H Weaver
  0 siblings, 2 replies; 4+ messages in thread
From: Leo Famulari @ 2016-08-08 22:59 UTC (permalink / raw)
  To: guix-devel

This patch uses a graft to apply the upstream fix to fontconfig for
CVE-2016-5384. I learned about the bug from a Debian security advisory:

https://security-tracker.debian.org/tracker/CVE-2016-5384
https://www.debian.org/security/2016/dsa-3644

Another potential option is to try grafting the latest version of
fontconfig, 2.12.1.

One way or another, ~2000 packages are depend on fontconfig.

Thoughts?

Leo Famulari (1):
  gnu: fontconfig: Fix CVE-2016-5384.

 gnu/local.mk                                       |   1 +
 gnu/packages/fontutils.scm                         |   8 +
 .../patches/fontconfig-CVE-2016-5384.patch         | 170 +++++++++++++++++++++
 3 files changed, 179 insertions(+)
 create mode 100644 gnu/packages/patches/fontconfig-CVE-2016-5384.patch

-- 
2.9.2

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-08-09  0:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-08 22:59 [PATCH 0/1] fontconfig: CVE-2016-5384 Leo Famulari
2016-08-08 22:59 ` [PATCH 1/1] gnu: fontconfig: Fix CVE-2016-5384 Leo Famulari
2016-08-08 23:17 ` [PATCH 0/1] fontconfig: CVE-2016-5384 Mark H Weaver
2016-08-09  0:33   ` Leo Famulari

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.