guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/1] gnu: cracklib: Fix CVE-2016-6318.

From: Leo Famulari
Subject: Re: [PATCH 1/1] gnu: cracklib: Fix CVE-2016-6318.
Date: Tue, 23 Aug 2016 17:06:35 -0400
User-agent: Mutt/1.7.0 (2016-08-17) 
On Wed, Aug 17, 2016 at 12:44:29AM -0400, Leo Famulari wrote:
> On Tue, Aug 16, 2016 at 11:29:11PM -0500, Eric Bavier wrote:
> > On Tue, 16 Aug 2016 22:49:55 -0400
> > Leo Famulari <address@hidden> wrote:
> > 
> > > * gnu/packages/patches/cracklib-CVE-2016-6318.patch: New file.
> > > * gnu/local.mk (dist_patch_DATA): Add it.
> > > * gnu/packages/password-utils.scm (cracklib)[source]: Use the patch.
> > > ---
> > >  gnu/local.mk                                      |  1 +
> > >  gnu/packages/password-utils.scm                   |  2 +
> > >  gnu/packages/patches/cracklib-CVE-2016-6318.patch | 95 
> > > +++++++++++++++++++++++
> > >  3 files changed, 98 insertions(+)
> > >  create mode 100644 gnu/packages/patches/cracklib-CVE-2016-6318.patch
> > 
> > LGTM! Thanks for getting the patch so quick.
> 
> Thanks for the fast review! Pushed as 53dcbbec07c

It seems this story is not over. SuSE identified another buffer
overflow:
http://seclists.org/oss-sec/2016/q3/370

What do people think of the patch linked from that message?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]