From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: Re: [PATCH 1/1] gnu: unrtf: Fix CVE-2016-10091. Date: Wed, 04 Jan 2017 16:09:40 +0100 Message-ID: <877f6azwsr.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> References: <049f6fc2d37899df14579e04092582e3382489d5.1483302566.git.leo@famulari.name> <8760lwqeau.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20170104071325.GA8103@jasmine> <20170104072757.GA18888@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49077) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cOnCF-00073H-1b for guix-devel@gnu.org; Wed, 04 Jan 2017 10:09:47 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cOnCB-0003Ju-ST for guix-devel@gnu.org; Wed, 04 Jan 2017 10:09:46 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:48167) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cOnCB-0003Ix-L0 for guix-devel@gnu.org; Wed, 04 Jan 2017 10:09:43 -0500 In-Reply-To: <20170104072757.GA18888@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Wed, Jan 04, 2017 at 02:13:25AM -0500, Leo Famulari wrote: >> On Tue, Jan 03, 2017 at 05:49:29PM +0100, Marius Bakke wrote: >> > Leo Famulari writes: >> > > +diff --git a/debian/patches/series b/debian/patches/series >> > > +new file mode 100644 >> > > +index 0000000..7868249 >> > > +--- /dev/null >> > > ++++ b/debian/patches/series >> > > +@@ -0,0 +1 @@ >> > > ++0001-Replace-all-instances-of-sprintf-with-snprintf-and-a.patch >> >=20 >> > This part we surely don't need ;-) >>=20 >> Oops! > > x2 > > Of course, the patch I sent on January 1 was completely broken. > > The patch it included from Debian was meant to be applied to the Debian > package tree, not the UnRTF source code. OK! Thanks for the update, LGTM! Thanks for keeping up with this. I'm currently travelling, but should return to normal within a few days/week :-) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlhtEDUACgkQoqBt8qM6 VPr1/AgAog+oVcq5yFTYhBZf6UvW3NS0OpeGAoXxW6qxxf53A53EIUwqj9lSiaFR iOZ2hL3uOcS9+GFj9U/9tCAY5yJk/Zxzaqr8JoRCM1BGeYkqIZp1O2zWvEEnZeUE 1225JPjvMUAPH1jSUP8Go9sDdj0rCXhpmPrybxUUKRFO31QEEfIvxSFr3JoflWi0 XRsQMvZgYdffO8aQ4ZstnPSdYmvkyXnYt6nNgdzv02r5dN/Y7vcn7oWBsvVBC4jg w89Md4f/hWwcTg3KLQ2gqzBBThPvy+21TvhmZKjsd2BwOApEcG2nnVHsWm4tYT0l 0Wgev9UpjTVfiYKr4n/t5Xq4Wdn2YA== =RERF -----END PGP SIGNATURE----- --=-=-=--