Re: [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052)
From: Efraim Flashner
Subject: Re: [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052)
Date: Fri, 29 Jan 2016 09:41:45 +0200

On Fri, 29 Jan 2016 01:01:19 -0500
Leo Famulari <address@hidden> wrote:
> This patch updates harfbuzz to 1.0.6, fixing CVE-2016-2052 [0].
>
> However, 587 packages depend on harfbuzz [1]. Where should the patch be
> applied?
>
> [0]
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052
>
> [1]
> Building the following 199 packages would ensure 388 dependent packages
> are rebuilt: avidemux-2.6.10 python-pyqt-5.5 pumpa-0.9.1
[snip]
> Leo Famulari (1):
> gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052].
>
> gnu/packages/gtk.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
How about the security-updates branch?
--
Efraim Flashner <address@hidden> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted