From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: Libxslt CVE-2016-4738 Date: Wed, 9 Nov 2016 10:20:55 -0500 Message-ID: <20161109152055.GA31320@jasmine> References: <20161108221616.GA2468@jasmine> <87lgwt79m9.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49227) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c4UgW-0003bK-I9 for guix-devel@gnu.org; Wed, 09 Nov 2016 10:21:12 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c4UgQ-0004DE-8N for guix-devel@gnu.org; Wed, 09 Nov 2016 10:21:08 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:55217) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1c4UgP-00049b-Tm for guix-devel@gnu.org; Wed, 09 Nov 2016 10:21:02 -0500 Content-Disposition: inline In-Reply-To: <87lgwt79m9.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Marius Bakke Cc: guix-devel@gnu.org --zhXaljGHf11kAtnf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 09, 2016 at 12:57:50AM +0000, Marius Bakke wrote: > Leo Famulari writes: >=20 > > Here is a patch to fix CVE-2016-4738 in libxslt. > > From 1cbfeb5bb98924eddf1726fe56987fd1d282e7f8 Mon Sep 17 00:00:00 2001 > > From: Leo Famulari > > Date: Tue, 8 Nov 2016 17:12:01 -0500 > > Subject: [PATCH] gnu: libxslt: Fix CVE-2016-4738. > > > > * gnu/packages/patches/libxslt-CVE-2016-4738.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Add it. > > * gnu/packages/xml.scm (libxslt)[replacement]: New field. > > (libxslt/fixed): New variable. >=20 > Yay, more grafts ;) >=20 > Anyway, LGTM, thanks! Thanks for the reviews. Pushed as 0b34b58688ac0d9bc0e2700acf82269e67ccdfa3 --zhXaljGHf11kAtnf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYIz7XAAoJECZG+jC6yn8ISJ4QAIy9wEHDGevrLFnz3QdguYkg a8nbSnuhq0zRROyX+OyEA7Vi7cvyQ6a0rvXQfiXDwyDh45bcwf8/sqF3qDorx/v/ IVX7ycIPBgN0eJjUdr9Yn+Mxnj6DsWoRisGujtRiWwrwpp4vgRIo6ilf2s+fGRWM be1Ss4ts802EC0zx08CjWbswzyodS6tCR3zOYBBlN2hBMNSwm6npvtLws03Zuhb5 9youatQDLpvcy6DJvvroZ7jhpgTzS1cyH/JdKzOlL2GW2kmbbw9zXLCszAUSxls8 Z3jWdTU6e5NXqLczXkloRMlGFIrq3Hmi8NbbLRCKcqQUd0ZKjMz6CEpvhqnSVN6Z vf0w/OWfMBrQmJDMK28x62EsLxC6q671Wm6Os0E3hX0KMNZGTSxGQWoX7rJhtFF0 7sBwMKkadGrDE1A1aNW9tiw5IDr2Jye1w9u8PRzw3x87kvA59oWYO7vsIInY0GzI ZKVZ4LpBvVpfBWKME+M8J31QEy7dUPHG0XI548uMzkGyTdHCyvBZXhFlO2NcRucY i/pPBvLM99ULgmkowLJjnTxqsnWWq0jJKsMHw5FHHmoyaK4yr1cuVdNbVB1V+PJI ueGC3UQUrxx/DIB6/Vmb96/QbvLX2LH1GE46dsTHYcvIq6cBPP9fQdJLXPxk48Mk ZaOhXmUfQBBSc0dqym83 =CHnR -----END PGP SIGNATURE----- --zhXaljGHf11kAtnf--