From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: [PATCH 1/1] gnu: unrtf: Fix CVE-2016-10091.
Date: Wed, 04 Jan 2017 16:09:40 +0100
Message-ID: <877f6azwsr.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
References: <049f6fc2d37899df14579e04092582e3382489d5.1483302566.git.leo@famulari.name>
	<8760lwqeau.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<20170104071325.GA8103@jasmine> <20170104072757.GA18888@jasmine>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49077)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1cOnCF-00073H-1b
	for guix-devel@gnu.org; Wed, 04 Jan 2017 10:09:47 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1cOnCB-0003Ju-ST
	for guix-devel@gnu.org; Wed, 04 Jan 2017 10:09:46 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:48167)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1cOnCB-0003Ix-L0
	for guix-devel@gnu.org; Wed, 04 Jan 2017 10:09:43 -0500
In-Reply-To: <20170104072757.GA18888@jasmine>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Leo Famulari <leo@famulari.name> writes:

> On Wed, Jan 04, 2017 at 02:13:25AM -0500, Leo Famulari wrote:
>> On Tue, Jan 03, 2017 at 05:49:29PM +0100, Marius Bakke wrote:
>> > Leo Famulari <leo@famulari.name> writes:
>> > > +diff --git a/debian/patches/series b/debian/patches/series
>> > > +new file mode 100644
>> > > +index 0000000..7868249
>> > > +--- /dev/null
>> > > ++++ b/debian/patches/series
>> > > +@@ -0,0 +1 @@
>> > > ++0001-Replace-all-instances-of-sprintf-with-snprintf-and-a.patch
>> >=20
>> > This part we surely don't need ;-)
>>=20
>> Oops!
>
> x2
>
> Of course, the patch I sent on January 1 was completely broken.
>
> The patch it included from Debian was meant to be applied to the Debian
> package tree, not the UnRTF source code.

OK! Thanks for the update, LGTM!

Thanks for keeping up with this. I'm currently travelling, but should
return to normal within a few days/week :-)

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlhtEDUACgkQoqBt8qM6
VPr1/AgAog+oVcq5yFTYhBZf6UvW3NS0OpeGAoXxW6qxxf53A53EIUwqj9lSiaFR
iOZ2hL3uOcS9+GFj9U/9tCAY5yJk/Zxzaqr8JoRCM1BGeYkqIZp1O2zWvEEnZeUE
1225JPjvMUAPH1jSUP8Go9sDdj0rCXhpmPrybxUUKRFO31QEEfIvxSFr3JoflWi0
XRsQMvZgYdffO8aQ4ZstnPSdYmvkyXnYt6nNgdzv02r5dN/Y7vcn7oWBsvVBC4jg
w89Md4f/hWwcTg3KLQ2gqzBBThPvy+21TvhmZKjsd2BwOApEcG2nnVHsWm4tYT0l
0Wgev9UpjTVfiYKr4n/t5Xq4Wdn2YA==
=RERF
-----END PGP SIGNATURE-----
--=-=-=--