[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#27370] [PATCH] gnu: libtiff: Fix several bugs related to improper c
From: |
Ludovic Courtès |
Subject: |
[bug#27370] [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. |
Date: |
Thu, 15 Jun 2017 10:13:43 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and
> the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'.
>
> * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it.
LGTM. ‘guix lint -c cve’ will keep complaining, but I guess splitting
the patch in one patch per CVE might be hard and not worth the effort.
Thoughts?
Could you apply them to ‘core-updates’ as well?
Thank you!
Ludo’.