Re: cairo CVE-2016-9082
From: Efraim Flashner
Subject: Re: cairo CVE-2016-9082
Date: Tue, 29 Nov 2016 09:44:06 +0200
User-agent: Mutt/1.7.1 (2016-10-04)

On Mon, Nov 28, 2016 at 10:06:41PM -0500, Leo Famulari wrote:
> On Mon, Nov 28, 2016 at 09:30:53PM +0200, Efraim Flashner wrote:
> > The previous patch somehow stopped working for me, and I was getting
> > complaints about unbound variable cairo/fixed, so I rewrote the patch to
> > have every cairo use the patch separately.
>
> Thanks for taking on this tricky bug fix!
>
> > diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch
> > b/gnu/packages/patches/cairo-CVE-2016-9082.patch
>
> Please add a link to the patch source in the patch file. I know it can
> be found in the linked bug report, but it does help readers to be
> explicit, in my opinion.
>
> Otherwise LGTM.
>
> The patch is not in the cairo repo yet, AFAICT:
>
> https://cgit.freedesktop.org/cairo/
>
> But, Debian did use it:
>
> https://anonscm.debian.org/cgit/collab-maint/cairo.git/tree/debian/patches/07_CVE-2016-9082.patch
>
> Can you follow the upstream resolution of the bug in case they decide to
> use a different patch?
sure
--
Efraim Flashner <address@hidden> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted