Re: [PATCH 1/1] gnu: cracklib: Fix CVE-2016-6318.
From: Leo Famulari
Subject: Re: [PATCH 1/1] gnu: cracklib: Fix CVE-2016-6318.
Date: Tue, 23 Aug 2016 17:06:35 -0400
User-agent: Mutt/1.7.0 (2016-08-17)

On Wed, Aug 17, 2016 at 12:44:29AM -0400, Leo Famulari wrote:
> On Tue, Aug 16, 2016 at 11:29:11PM -0500, Eric Bavier wrote:
> > On Tue, 16 Aug 2016 22:49:55 -0400
> > Leo Famulari <address@hidden> wrote:
> >
> > > * gnu/packages/patches/cracklib-CVE-2016-6318.patch: New file.
> > > * gnu/local.mk (dist_patch_DATA): Add it.
> > > * gnu/packages/password-utils.scm (cracklib)[source]: Use the patch.
> > > ---
> > > gnu/local.mk | 1 +
> > > gnu/packages/password-utils.scm | 2 +
> > > gnu/packages/patches/cracklib-CVE-2016-6318.patch | 95
> > > +++++++++++++++++++++++
> > > 3 files changed, 98 insertions(+)
> > > create mode 100644 gnu/packages/patches/cracklib-CVE-2016-6318.patch
> >
> > LGTM! Thanks for getting the patch so quick.
>
> Thanks for the fast review! Pushed as 53dcbbec07c
It seems this story is not over. SuSE identified another buffer
overflow:
http://seclists.org/oss-sec/2016/q3/370
What do people think of the patch linked from that message?