guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052)

From: Efraim Flashner
Subject: Re: [PATCH 0/1] Update harfbuzz to 1.0.6 (CVE-2016-2052)
Date: Fri, 29 Jan 2016 09:41:45 +0200 
On Fri, 29 Jan 2016 01:01:19 -0500
Leo Famulari <address@hidden> wrote:

> This patch updates harfbuzz to 1.0.6, fixing CVE-2016-2052 [0].
> 
> However, 587 packages depend on harfbuzz [1]. Where should the patch be
> applied?
> 
> [0]
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052
> 
> [1]
> Building the following 199 packages would ensure 388 dependent packages 
> are rebuilt: avidemux-2.6.10 python-pyqt-5.5 pumpa-0.9.1 
[snip]
> Leo Famulari (1):
>   gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052].
> 
>  gnu/packages/gtk.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 

how about the security-updates branch?

-- 
Efraim Flashner   <address@hidden>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Attachment: pgpXQ9I5SgaHh.pgp
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]