[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47144: security patching of 'patch' package
|
From: |
Mark H Weaver |
|
Subject: |
bug#47144: security patching of 'patch' package |
|
Date: |
Sun, 14 Mar 2021 17:37:25 -0400 |
I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.
Mark
-------------------- Start of forwarded message --------------------
Subject: security patching of 'patch' package
From: Léo Le Bouter <lle-bout@zaclys.net>
To: guix-devel@gnu.org
Date: Wed, 10 Mar 2021 04:14:35 +0100
Hello!
I could find that the 'patch' package was vulnerable to numerous CVEs
that other distros like Debian have patched. Here's the list reported
by 'guix lint -c cve patch':
patch@2.7.6: probably vulnerable to CVE-2019-13636, CVE-2019-13638,
CVE-2019-20633, CVE-2018-1000156, CVE-2018-20969, CVE-2018-6951, CVE-
2018-6952
Can I use latest commit from master to build 'patch' then graft
original package?
i.e. https://git.savannah.gnu.org/git/patch.git
There's not that many commits since last release, but lots of time:
https://git.savannah.gnu.org/cgit/patch.git/log/
Thank you,
Léo
signature.asc
Description: This is a digitally signed message part
-------------------- End of forwarded message --------------------
- bug#47144: security patching of 'patch' package,
Mark H Weaver <=