From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues]. Date: Thu, 12 Jan 2017 17:17:23 -0500 Message-ID: <20170112221723.GA20450@jasmine> References: <20170112201353.29406-1-mbakke@fastmail.com> <20170112215005.GA13508@jasmine> <87o9zc54d8.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:43163) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cRngY-0005zx-Ih for guix-devel@gnu.org; Thu, 12 Jan 2017 17:17:31 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cRngV-0005Yp-DH for guix-devel@gnu.org; Thu, 12 Jan 2017 17:17:30 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:33120) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cRngV-0005YQ-8e for guix-devel@gnu.org; Thu, 12 Jan 2017 17:17:27 -0500 Content-Disposition: inline In-Reply-To: <87o9zc54d8.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Marius Bakke Cc: guix-devel@gnu.org --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote: > Leo Famulari writes: >=20 > > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: > >> * gnu/packages/ed.scm (ed-1.14.1): New variable. > >> (ed)[replacement]: New field. > > > > Can you add a comment with a link to the bug report? > > > > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html >=20 > Good find. I wonder, was this issue only present in the unreleased > 1.14.0? I can't reproduce it with the current Guix version. Good catch; I can only reproduce it with 1.14, and the ed maintainer points out that it was introduced in 1.14. > I'll wait and see what the response on oss-sec is. Maybe we can just > push the update to core-updates. I think it's fine for core-updates. --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlh4AHAACgkQJkb6MLrK fwidERAAz37Cpf7gwCzlW/0Ng+x+pmOQkye9UvrByDyrUGGYEf7+uPWUPoIAnnqP A5OT8Eb7Nz0y4cDDgjHj1GtmE0oF616J6ZFbgokgiTCv60Vi7ZlzN+hGvwRbbWZI IIh8Ez1RT8TeP+NudEgOEiwaJ90selQ+TMbYUJC9FAOCfiK3kHCXnPFkzlOhaqQ3 he0eUsFiVvyIO5+uYC3s4Y085iPSHQ6y66JTBz02jnTGRv2MpfU3Hzl7pieWlzLS kFvlvAIgqyFJEeS3aGfmDUoP6ePFaz4yJ7uf8SB841xjG3TKCARAGVN4IxLvtVO/ dnSoPX3I84aMtMkLv/nQHII7HMu/DqbKSrodpBIMFuf2WG266ynYFPxDmh3t1x6i Uh9Q24IaM+DLfP1jw8Q2+AY7A4gCneZC7OZeDGcCnaiuKbWZxcjEbYNB2hJji4ql lQdoa8ogC7lJMPVfmzVMqWL2VtU5OnN8BNTb/nW5pq6Sa4Htyy+Md204C33odi1a Ph1iXSjm4yyqr9ocBwAf5Oes8HwYPo48rqY1x+908QuhjiPojUh7Jh3FXBZ4RqGG CbmZEYT/2b9kQ6YfBs+PL1CKzwsCICUyiH6lH79BUYNSjAAnT2qhZDzV6OXXBSje eFja8XicSgk5Q8okOXTn2VLeszoo/gZ1+XsXk8LSNkG7TboXADo= =0nDH -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8--