guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: gnu: lcms: Mention CVE-2016-10165.

From: Marius Bakke
Subject: 02/02: gnu: lcms: Mention CVE-2016-10165.
Date: Sun, 12 Feb 2017 16:32:15 -0500 (EST) 
mbakke pushed a commit to branch core-updates
in repository guix.

commit ed7732bc625585e6ec51c6f60716c8a6a916082b
Author: Alex Vong <address@hidden>
Date:   Sat Feb 11 22:58:19 2017 +0800

    gnu: lcms: Mention CVE-2016-10165.
    
    * gnu/packages/patches/lcms-fix-out-of-bounds-read.patch: Rename to ...
    * gnu/packages/patches/lcms-CVE-2016-10165.patch: ... this.
    * gnu/local.mk (dist_patch_DATA): Adjust.
    * gnu/packages/ghostscript.scm (lcms)[source]: Use renamed patch.
    
    Signed-off-by: Marius Bakke <address@hidden>
---
 gnu/local.mk                                                          | 3 ++-
 gnu/packages/ghostscript.scm                                          | 2 +-
 .../{lcms-fix-out-of-bounds-read.patch => lcms-CVE-2016-10165.patch}  | 4 +++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 753c0ef..af9dfff 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -9,6 +9,7 @@
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira 
<https://libreplanet.org/wiki/User:Adfeno> <address@hidden>
 # Copyright © 2016, 2017 Ricardo Wurmus <address@hidden>
 # Copyright © 2016 Ben Woodcroft <address@hidden>
+# Copyright © 2016, 2017 Alex Vong <address@hidden>
 #
 # This file is part of GNU Guix.
 #
@@ -656,7 +657,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch     \
   %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch    \
   %D%/packages/patches/laby-make-install.patch                 \
-  %D%/packages/patches/lcms-fix-out-of-bounds-read.patch       \
+  %D%/packages/patches/lcms-CVE-2016-10165.patch               \
   %D%/packages/patches/ldc-disable-tests.patch                 \
   %D%/packages/patches/ldc-1.1.0-disable-dmd-tests.patch       \
   %D%/packages/patches/ldc-1.1.0-disable-phobos-tests.patch    \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 4b8e623..826a2fc 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -45,7 +45,7 @@
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/lcms/lcms/" version
                                 "/lcms2-" version ".tar.gz"))
-            (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
+            (patches (search-patches "lcms-CVE-2016-10165.patch"))
             (sha256 (base32
                      "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
    (build-system gnu-build-system)
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch 
b/gnu/packages/patches/lcms-CVE-2016-10165.patch
similarity index 84%
rename from gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
rename to gnu/packages/patches/lcms-CVE-2016-10165.patch
index d9f7ac6..fa4d75c 100644
--- a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
+++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch
@@ -1,7 +1,9 @@
-Fix an out-of-bounds heap read in Type_MLU_Read():
+Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
 
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
 http://seclists.org/oss-sec/2016/q3/288
 https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+https://security-tracker.debian.org/tracker/CVE-2016-10165
 
 Patch copied from upstream source repository:
reply via email to
[Prev in Thread] Current Thread [Next in Thread]