From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: [PATCH 1/1] gnu: weex: Fix CVE-2005-3150.
Date: Sat, 05 Nov 2016 10:53:57 +0000
Message-ID: <87eg2q6vui.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
References: <665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47557)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1c2yc3-0005m8-Du
	for guix-devel@gnu.org; Sat, 05 Nov 2016 06:54:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1c2yby-0008HN-EF
	for guix-devel@gnu.org; Sat, 05 Nov 2016 06:54:15 -0400
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:34110)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1c2yby-0008DN-9w
	for guix-devel@gnu.org; Sat, 05 Nov 2016 06:54:10 -0400
In-Reply-To: <665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>, guix-devel@gnu.org

--=-=-=
Content-Type: text/plain

Leo Famulari <leo@famulari.name> writes:

> * gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ftp.scm (weex)[source]: Use it.

Wow, an 11 year-old CVE. There is a 2.8.0 release of weex from last year
on http://weex.sf.net, is that still affected? We have 2.6.15.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJYHbpFAAoJEKKgbfKjOlT6sdIIAJSStAJqEoqPUMMt2e69mbIH
kPPguk+iD5wioV3rDVQMWIi8SSR7vbmNNbfz4l3d8HEnvjjPcyAky/UJDQnkcb6U
TGVjBIWRs/9Sgt0gfHeNYARcfzM+g23/Q880aKRRzA7JhBN0j41jk68/omQsChfY
TZH3ZYWtgffNuvxFvcE+PxZfwBQIlE6pvABN4fs469P3SoXgN3KwNlRCLlO0Pzk5
T3Dn4aSItLrZ0Enj+QRgmKYqYrlFmELcb8Ssm7k2kJDXVm9VSjAJM0G0+Ti27Y6L
kgFf/mJ3D56A5i3ZBuSYY9qWez9ggMKWkwYHkN3LI50Nf17QC9lvfMtdQlSsyQU=
=LUgU
-----END PGP SIGNATURE-----
--=-=-=--