From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: bug#25935: [PATCH] gnu: mupdf: Fix CVE-2017-{5896,5991}. Date: Fri, 3 Mar 2017 04:55:16 -0500 Message-ID: <20170303095516.GA16917@jasmine> References: <87wpc7bz0u.fsf@gmail.com> <20170302181150.GA9579@jasmine> <877f466gmc.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:60668) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cjjvo-0001Tt-Ui for guix-devel@gnu.org; Fri, 03 Mar 2017 04:55:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cjjvk-0001fz-1u for guix-devel@gnu.org; Fri, 03 Mar 2017 04:55:25 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:40427) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cjjvj-0001fV-S3 for guix-devel@gnu.org; Fri, 03 Mar 2017 04:55:19 -0500 Content-Disposition: inline In-Reply-To: <877f466gmc.fsf@gmail.com> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Alex Vong Cc: guix-devel@gnu.org, 25935@debbugs.gnu.org --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 03, 2017 at 02:04:11PM +0800, Alex Vong wrote: > Leo Famulari writes: >=20 > > On Thu, Mar 02, 2017 at 09:15:29PM +0800, Alex Vong wrote: > >> This patch (applied to core-updates) fixes the two CVEs disclosed rece= ntly. > > > > Can you send a patch for the master branch instead? The patches should > > be applied to mupdf/fixed in (gnu packages pdf). >=20 > Sure, here it is: >=20 > From 24ceef58b2ebb70d45c01e7e1bc43cc2056f8705 Mon Sep 17 00:00:00 2001 > From: Alex Vong > Date: Thu, 2 Mar 2017 19:59:05 +0800 > Subject: [PATCH] gnu: mupdf: Fix CVE-2017-{5896,5991}. >=20 > * gnu/packages/patches/mupdf-CVE-2017-5896.patch, > gnu/packages/patches/mupdf-CVE-2017-5991.patch: New files. > * gnu/packages/pdf.scm (mupdf/fixed)[source]: Add patches. > * gnu/local.mk (dist_patch_DATA): Add them. Thanks, pushed! --W/nzBZO5zC0uMSeA Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAli5PYQACgkQJkb6MLrK fwgrkBAA1UtkPDpYZeFwU4ezRK7CS43jEu0RamPi+MyDoY5pEJhkeFL9iIVaJ7KK 1aWcftJMm7yHWgrCPRg9wTE430WXRqFLf1RhkmRyS1F+V1hJC7OJw8wKm9LIwTV5 WWs9xRy618P1Is7TJAxPSiFzHZ17hF/704akLSDpY+ptkImxtddZrjeqCkMNtvvU w1bQ1oEDZhyge1dNe1qA220QeXzxhdK/7V86y0z2KUt7jzGr9ok7lSBQzCfFGQ3A XFat5J3PK0W0TRDyy6Uq92ZdUWO0Hmg+AqGg466on4sqvb3UitCrB4IOSZCFk+k6 I8ufk8v9pg+3xIvONx5TCzDt3MfuYJh//wGrTz4CSQ90W4ZwOkkMtn7ediWhw0Tw zBRjDDmarSr/21pJ9onV4Sh7wfLDqIKECUg/2MrxQAxP5VBANb3S30t/Lnu2x+KX 40MXrYtHsqf3yQ3fFIfA4GfEikCUVZtyyab/QXHgMfYRf0ybREM5nxm92K55Fcu3 LbtqvyLG98BKAed7xmOuGSUgDXxvubdyec8qJX0desFRF7iiSuonT0OX9xCUFNPl sUVsRNXarxGRt2BJt6SovhtROMHeKwNzbss7EvRr1soGwDR7w3KwcEbGmipSpXBq 0Fk4KtA9yw+ljyj2iiR5bS8AVpJ9Z6wFZSbh5G9IbVEnYFnz1XU= =raHJ -----END PGP SIGNATURE----- --W/nzBZO5zC0uMSeA--