[PATCH 0/1] fontconfig: CVE-2016-5384
From: Leo Famulari
Subject: [PATCH 0/1] fontconfig: CVE-2016-5384
Date: Mon, 8 Aug 2016 18:59:40 -0400

This patch uses a graft to apply the upstream fix to fontconfig for
CVE-2016-5384. I learned about the bug from a Debian security advisory:

https://security-tracker.debian.org/tracker/CVE-2016-5384
https://www.debian.org/security/2016/dsa-3644

Another potential option is to try grafting the latest version of
fontconfig, 2.12.1.

One way or another, ~2000 packages depend on fontconfig.

Thoughts?

Leo Famulari (1):
gnu: fontconfig: Fix CVE-2016-5384.
gnu/local.mk | 1 +
gnu/packages/fontutils.scm | 8 +
.../patches/fontconfig-CVE-2016-5384.patch | 170 +++++++++++++++++++++
3 files changed, 179 insertions(+)
create mode 100644 gnu/packages/patches/fontconfig-CVE-2016-5384.patch
--
2.9.2