bug#47144: security patching of 'patch' package

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47144: security patching of 'patch' package

From:	Leo Famulari
Subject:	bug#47144: security patching of 'patch' package
Date:	Wed, 14 Apr 2021 17:54:28 -0400

On Sun, Mar 14, 2021 at 05:37:25PM -0400, Mark H Weaver wrote:
> patch@2.7.6: probably vulnerable to CVE-2019-13636, CVE-2019-13638,
> CVE-2019-20633, CVE-2018-1000156, CVE-2018-20969, CVE-2018-6951, CVE-
> 2018-6952

I tried building a "fixed" package of patch, cherry-picking bug fix
patches from patch.git.

Unfortunately, the patches largely don't apply to the most recent
release of patch.

Since there is no release fixing these bugs, and no clear advice about
which patches to apply, I'm going to stop working on this for now.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47144: security patching of 'patch' package, Leo Famulari <=

Prev by Date: bug#47106: Bubblewrap hates Guix containers 😞
Next by Date: bug#47106: Bubblewrap hates Guix containers 😞
Previous by thread: bug#47106: Bubblewrap hates Guix containers 😞
Next by thread: bug#47782: guix pull: error: You found a bug: compute-guix-derivation
Index(es):
- Date
- Thread