From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 0/1] Expat security update Date: Thu, 9 Jun 2016 13:05:41 -0400 Message-ID: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54828) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bB3P6-0003Zq-M4 for guix-devel@gnu.org; Thu, 09 Jun 2016 13:06:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bB3Oz-0006iL-Rd for guix-devel@gnu.org; Thu, 09 Jun 2016 13:05:59 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:37949) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bB3Oy-0006hf-Kr for guix-devel@gnu.org; Thu, 09 Jun 2016 13:05:53 -0400 Received: from localhost.localdomain (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 92542CCDA6 for ; Thu, 9 Jun 2016 13:05:46 -0400 (EDT) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org We take a patch from Debian, apparently written by the Expat maintainer [0], to fix two recently disclosed bugs. Your review is requested. [0] The commit hash in the patch doesn't seem to exist anywhere on the internet besides the Debian servers. It doesn't exist in the Expat Git repo. Leo Famulari (1): gnu: expat: Fix CVE-2012-6702 and CVE-2016-5300. gnu/local.mk | 1 + .../expat-CVE-2012-6702-and-CVE-2016-5300.patch | 142 +++++++++++++++++++++ gnu/packages/xml.scm | 3 +- 3 files changed, 145 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch -- 2.8.3