From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari
Cc: 27370@debbugs.gnu.org
Subject: [bug#27370] [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes].
Date: Thu, 15 Jun 2017 10:13:43 +0200
In-Reply-To: (Leo Famulari's message of "Wed, 14 Jun 2017 23:45:57 -0400")
Message-ID: <87eful4qiw.fsf@gnu.org>

Leo Famulari wrote:

> Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and
> the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'.
>
> * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it.

LGTM.

‘guix lint -c cve’ will keep complaining, but I guess splitting the patch
in one patch per CVE might be hard and not worth the effort. Thoughts?

Could you apply them to ‘core-updates’ as well?

Thank you!

Ludo’.