Marius Bakke <mbakke@fastmail.com> writes:

> Kei Kebreau <kkebreau@posteo.net> writes:
>
>> Fixes CVE-2017-1000254.
>> See <https://curl.haxx.se/docs/adv_20171004.html> for details.
>>
>> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
>> (curl-7.55.0): Rename to ...
>> (curl-7.56.0): ... this.
>> [arguments]: Remove 'fix-Makefile' phase.
>> ---
>>  gnu/packages/curl.scm | 17 ++---------------
>>  1 file changed, 2 insertions(+), 15 deletions(-)
>>
>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>> index 23606b481..552df5dc3 100644
>> --- a/gnu/packages/curl.scm
>> +++ b/gnu/packages/curl.scm
>> @@ -126,25 +126,12 @@ tunneling, and so on.")
>>  (define-public curl-7.55.0
>>    (package
>>      (inherit curl)
>> -    (version "7.55.0")
>> +    (version "7.56.0")
>>      (source
>>        (origin
>>          (method url-fetch)
>>          (uri (string-append "https://curl.haxx.se/download/curl-"
>>                              version ".tar.xz"))
>> -        (patches (search-patches "curl-bounds-check.patch"))
>
> Please also delete this file and update gnu/local.mk.
>
> LGTM otherwise, thanks!

Thanks for reviewing this.
Pushed to master as 46cf31868c1b12eec50bc9b8dda64604dd81f986.