guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: curl security update


From: Ludovic Courtès
Subject: Re: curl security update
Date: Thu, 04 Aug 2016 16:28:59 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> There are some new bugs disclosed in curl:
> https://curl.haxx.se/docs/security.html
>
> Grafting the new version seems like the right approach to me when I
> consider libcurl's ABI compatibility policy:
> https://curl.haxx.se/libcurl/abi.html

Sounds good.

> From ef6ae3732facb1eba77e82c6a6066832784bca5d Mon Sep 17 00:00:00 2001
> From: Leo Famulari <address@hidden>
> Date: Wed, 3 Aug 2016 16:13:09 -0400
> Subject: [PATCH] gnu: curl: Replace with 7.50.1 [fixes
>  CVE-2016-{3739,4802,5419,5420,5421].

Strangely ‘guix lint -c cve’ only reports CVE-2016-3739, annoying.

> * gnu/packages/curl.scm (curl)[replacement]: New field.
> (curl-7.50.1): New variable.

LGTM!

Thank you!

Ludo’.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]