bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-

From: Mark H Weaver
Subject: bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802
Date: Thu, 11 Oct 2018 04:03:22 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) 
Leo Famulari <address@hidden> writes:

> On Sat, Oct 06, 2018 at 06:53:36PM +0200, Marius Bakke wrote:
>> From 2891a9acb7704c3397ef34fbb520b46936504422 Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <address@hidden>
>> Date: Sat, 6 Oct 2018 18:50:47 +0200
>> Subject: [PATCH] gnu: python2: Add upstream security fixes.
>> 
>> This addresses CVE-2018-{1060,1061,14647,1000802}.
>> 
>> * gnu/packages/patches/python2-CVE-2018-1000802.patch,
>> gnu/packages/patches/python2-CVE-2018-1060.patch,
>> gnu/packages/patches/python2-CVE-2018-1061.patch,
>> gnu/packages/patches/python2-CVE-2018-14647.patch: New files.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/python.scm (python-2/fixed): New variable.
>> (python-2.7)[replacement]: New field.
>> (python2-minimal): Use PACKAGE/INHERIT.
>
> Thanks! I did some basic tests and things seem to work.

I added this commit to my private branch a few days ago, along with the
Python-3 CVE-2018-14647 fix (with the added hunk), updated my GuixSD
GNOME 3 system and user profile, and everything seems to be working
well.

I think they are both ready to push to master.

Thank you, Marius!

       Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]