Re: Flex security update: RCE in generated code (CVE-2016-6354)

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Flex security update: RCE in generated code (CVE-2016-6354)

From:	Leo Famulari
Subject:	Re: Flex security update: RCE in generated code (CVE-2016-6354)
Date:	Fri, 26 Aug 2016 18:49:59 -0400
User-agent:	Mutt/1.7.0 (2016-08-17)

On Fri, Aug 26, 2016 at 06:14:26PM -0400, Leo Famulari wrote:
> Subject: [PATCH] gnu: flex: Fix CVE-2016-6354.
> 
> * gnu/packages/flex.scm (flex)[replacement]: New field.
> (flex/fixed): New variable.
> * gnu/packages/patches/flex-CVE-2016-6354.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.

As Mark pointed out on #guix, bugs in flex's generated code can not be
addressed with a graft. Also, the upstream tarballs that we build from
often contain code generated by flex.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Flex security update: RCE in generated code (CVE-2016-6354), Leo Famulari, 2016/08/26
- Re: Flex security update: RCE in generated code (CVE-2016-6354), Leo Famulari <=
  - Re: Flex security update: RCE in generated code (CVE-2016-6354), Ludovic Courtès, 2016/08/27
    - Re: Flex security update: RCE in generated code (CVE-2016-6354), Leo Famulari, 2016/08/27
    - Re: Flex security update: RCE in generated code (CVE-2016-6354), Efraim Flashner, 2016/08/28

Prev by Date: Flex security update: RCE in generated code (CVE-2016-6354)
Next by Date: Re: [PATCH] gnu: tor: Update to 0.2.8.7.
Previous by thread: Flex security update: RCE in generated code (CVE-2016-6354)
Next by thread: Re: Flex security update: RCE in generated code (CVE-2016-6354)
Index(es):
- Date
- Thread