[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: curl security update
From: |
Ludovic Courtès |
Subject: |
Re: curl security update |
Date: |
Thu, 04 Aug 2016 16:28:59 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> There are some new bugs disclosed in curl:
> https://curl.haxx.se/docs/security.html
>
> Grafting the new version seems like the right approach to me when I
> consider libcurl's ABI compatibility policy:
> https://curl.haxx.se/libcurl/abi.html
Sounds good.
> From ef6ae3732facb1eba77e82c6a6066832784bca5d Mon Sep 17 00:00:00 2001
> From: Leo Famulari <address@hidden>
> Date: Wed, 3 Aug 2016 16:13:09 -0400
> Subject: [PATCH] gnu: curl: Replace with 7.50.1 [fixes
> CVE-2016-{3739,4802,5419,5420,5421].
Strangely ‘guix lint -c cve’ only reports CVE-2016-3739, annoying.
> * gnu/packages/curl.scm (curl)[replacement]: New field.
> (curl-7.50.1): New variable.
LGTM!
Thank you!
Ludo’.