bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47418: [PATCH] gnu: imagemagick: Fix CVE-2020-27829.

From: Mark H Weaver
Subject: bug#47418: [PATCH] gnu: imagemagick: Fix CVE-2020-27829.
Date: Sat, 27 Mar 2021 09:27:54 -0400 
Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> writes:

> * gnu/packages/patches/imagemagick-CVE-2020-27829.patch: New patch.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/imagemagick.scm (imagemagick/fixed): Apply patch to existing
> graft.
> ---
>  gnu/local.mk                                  |  1 +
>  gnu/packages/imagemagick.scm                  |  3 ++-
>  .../patches/imagemagick-CVE-2020-27829.patch  | 23 +++++++++++++++++++
>  3 files changed, 26 insertions(+), 1 deletion(-)
>  create mode 100644 gnu/packages/patches/imagemagick-CVE-2020-27829.patch

Your patch looks good to me, but I've just posted an alternative patch
set to 'guix-devel' which should enable us to keep ImageMagick
up-to-date without grafting, and which fixes this security flaw and
more.

  https://lists.gnu.org/archive/html/guix-devel/2021-03/msg00538.html

It's not a big deal, but if you push your patch now, I would need to
rebase the patch set on top of it.

      Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]