all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* security patching of 'patch' package
@ 2021-03-10  3:14 Léo Le Bouter
  2021-03-14 21:37 ` bug#47144: " Mark H Weaver
  0 siblings, 1 reply; 30+ messages in thread
From: Léo Le Bouter @ 2021-03-10  3:14 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 614 bytes --]

Hello!

I could find that the 'patch' package was vulnerable to numerous CVEs
that other distros like Debian have patched. Here's the list reported
by 'guix lint -c cve patch':

patch@2.7.6: probably vulnerable to CVE-2019-13636, CVE-2019-13638,
CVE-2019-20633, CVE-2018-1000156, CVE-2018-20969, CVE-2018-6951, CVE-
2018-6952

Can I use latest commit from master to build 'patch' then graft
original package?

i.e. https://git.savannah.gnu.org/git/patch.git

There's not that many commits since last release, but lots of time: 
https://git.savannah.gnu.org/cgit/patch.git/log/

Thank you,
Léo

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 30+ messages in thread

end of thread, other threads:[~2024-06-24  5:17 UTC | newest]

Thread overview: 30+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-03-10  3:14 security patching of 'patch' package Léo Le Bouter
2021-03-14 21:37 ` bug#47144: " Mark H Weaver
2021-03-15 18:26   ` bug#47144: [PATCH 0/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes] Léo Le Bouter via Bug reports for GNU Guix
2021-03-15 18:26     ` bug#47144: [PATCH 1/1] " Léo Le Bouter via Bug reports for GNU Guix
2021-03-18 21:58       ` Ludovic Courtès
2022-03-23  3:03         ` bug#47144: security patching of 'patch' package Maxim Cournoyer
2021-04-14 21:54   ` Leo Famulari
2024-05-31  2:59   ` bug#47144: [PATCH 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-05-31  2:59     ` bug#47144: [PATCH 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-05-31  2:59     ` bug#47144: [PATCH 3/3] gnu: patch: Graft to latest commit [security fixes] Maxim Cournoyer
2024-05-31 16:13       ` Simon Tournier
2024-06-01  1:49         ` Maxim Cournoyer
2024-06-04 15:39           ` Simon Tournier
2024-06-05  1:08             ` Maxim Cournoyer
2024-06-01 11:34       ` Maxim Cournoyer
2024-06-01 14:32       ` Ludovic Courtès
2024-06-01 15:02         ` Maxim Cournoyer
2024-06-05 16:04           ` bug#47144: security patching of 'patch' package Ludovic Courtès
2024-06-05 16:44             ` Simon Tournier
2024-06-06  0:49               ` Maxim Cournoyer
2024-06-01 12:56   ` bug#47144: [PATCH v2 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-06-01 12:56     ` bug#47144: [PATCH v2 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-06-01 12:56     ` bug#47144: [PATCH v2 3/3] gnu: patch: Graft to latest commit [security fixes] Maxim Cournoyer
2024-06-05  1:24   ` bug#47144: [PATCH v3 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-06-05  1:24     ` bug#47144: [PATCH v3 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-06-05  1:24     ` bug#47144: [PATCH v3 3/3] gnu: patch: Graft to latest commit [security fixes] Maxim Cournoyer
2024-06-06  0:46   ` bug#47144: [PATCH v4 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-06-06  0:46     ` bug#47144: [PATCH v4 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-06-06  0:46     ` bug#47144: [PATCH v4 3/3] gnu: patch: Update to latest commit [security fixes] Maxim Cournoyer
2024-06-24  4:43       ` bug#47144: security patching of 'patch' package Maxim Cournoyer

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.