From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50821)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eZlQD-0003ps-E5
	for guix-patches@gnu.org; Thu, 11 Jan 2018 17:34:06 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eZlQA-0000eF-RC
	for guix-patches@gnu.org; Thu, 11 Jan 2018 17:34:05 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:44747)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1eZlQA-0000e5-N1
	for guix-patches@gnu.org; Thu, 11 Jan 2018 17:34:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eZlQA-00060B-Gh
	for guix-patches@gnu.org; Thu, 11 Jan 2018 17:34:02 -0500
Subject: bug#30061: [PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}.
Resent-To: guix-patches@gnu.org
Resent-Message-ID: <handler.30061.D30061.151571001023027.done@debbugs.gnu.org>
Date: Thu, 11 Jan 2018 14:33:22 -0800
From: Leo Famulari <leo@famulari.name>
Message-ID: <20180111223322.GA12238@jasmine.lan>
References: <9a94afdf5d9bcc8a61f31acdf346bbab1f44307f.1515575258.git.leo@famulari.name>
	<87h8rsnl4i.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G"
Content-Disposition: inline
In-Reply-To: <87h8rsnl4i.fsf@gnu.org>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 30061-done@debbugs.gnu.org


--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jan 11, 2018 at 10:25:33PM +0100, Ludovic Court=C3=A8s wrote:
> Hi,
>=20
> Leo Famulari <leo@famulari.name> skribis:
>=20
> > * gnu/packages/patches/libvorbis-CVE-2017-14632.patch,
> > gnu/packages/patches/libvorbis-CVE-2017-14633.patch: New files.
> > * gnu/local.mk (dist_patch_DATA): Add them.
> > * gnu/packages/xiph.scm (libvorbis)[replacement]: New field.
> > (libvorbis/fixed): New variable.
>=20
> LGTM.

Pushed as 138c08899ba73049de8afd2b74a8cf6845a1d9e1

> On =E2=80=98core-updates=E2=80=99, should we perform a rebuild instead of=
 grafting?

Yes, I merged master into core-updates and ungrafted libvorbis in
e6ebc7b13225f0eddc404b7d8e136120b962181e

--k1lZvvs/B4yU6o8G
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlpX5jIACgkQJkb6MLrK
fwjXeA//QpH4EHthoNVDzlsLhf+xSUKWTh5zTRkRR5hQZPlikKEqJB9gDrMVv71Z
06HY2f9Yz2W8b+vxsBPFo6tYeiVOyUZ3LrK3CbejYNo82LO84NGGJZteakwIL7cz
MftHSZgEPmZSD82KVqfDPL/As3+BsKBmi/U6FE1DnKEdBLtsERgq7ErCD5GdLpnb
94l1uFLONTQymO4FOwafaGbOGCPBUdk1rcnx2mTZgmuo6RgkcblRq719rPk/RXIC
aIab0ovTaM4A3hATXn20yfPVaPylb1xZpU/Pu0Q6P67gX5Ln1X8J9TfaVi60+Oz/
VUF2Hy0OvmVukvmHS4KnhO92ixIDQOgpMnC1pMEhyEVTZMr7B6Ni1eKWav9EAhUz
iDUL9li/jHnqbKQWFW/3zs2lqC0jgSn+1yUxGOTKRWLj7sxC0L7Bdcp+DGH86sU/
kDaMFZ6iFY+HfcXKh/5WcOYJjm4p5Su1QeKKwQpdkJLmIuYUSkmf8pwXYkzZ5486
hR7KOjMimEXH5jOHrQsCAO3EgS83l3K+M6tWx9yORmZvuMDKi6I9+wJ3bh+GKAVF
pHRvSMfP2psrEvuHy15Ecmnsui1HyiohFfE7aJGSPpUqNm9UTKG0PVhv3tK4UwL9
OpW05WDJxqJfo1u9dF4+P1Amm2+M7MkYjShym9lkBvnSKliHn5I=
=thrW
-----END PGP SIGNATURE-----

--k1lZvvs/B4yU6o8G--