Subject: [bug#27749] [PATCH] gnu: heimdal: Update to 7.4.0 [fixes CVE-2017-11103].
Date: Thu, 20 Jul 2017 15:51:34 -0400
From: Leo Famulari
Message-ID: <20170720195134.GA19680@jasmine.lan>
References: <87wp76kv68.fsf@gmail.com> <20170718154906.GB16798@jasmine.lan> <87bmogzspe.fsf@gmail.com> <877ez4znze.fsf@gmail.com>
In-Reply-To: <877ez4znze.fsf@gmail.com>
To: Alex Vong
Cc: 27749@debbugs.gnu.org

On Wed, Jul 19, 2017 at 07:04:53PM +0800, Alex Vong wrote:
> Here is the updated patch:
>
> From 33ae64ead2031e7707639302977d31487e992660 Mon Sep 17 00:00:00 2001
> From: Alex Vong
> Date: Wed, 19 Jul 2017 17:01:47 +0800
> Subject: [PATCH] gnu: heimdal: Fix CVE-2017-{6594,11103}.
>
> * gnu/packages/patches/heimdal-CVE-2017-6594.patch,
> gnu/packages/patches/heimdal-CVE-2017-11103.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/kerberos.scm (heimdal)[source]: Use them.

Thanks! I recreated the commit since the patch no longer applied to
'gnu/local.mk' and pushed as 81c35029d4ee4fa7cd517998844229a514b35531.

I'm leaving this bug open for now so we can discuss the update.

By the way everyone, the vulnerability disclosure / promotion web page, , has a nice primer on the bug (warning, the page plays music automatically). Thanks for including that, Alex.