[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#30180] [PATCH] gnu: libsndfile: Fix CVE-2017-12562.
From: |
Ludovic Courtès |
Subject: |
[bug#30180] [PATCH] gnu: libsndfile: Fix CVE-2017-12562. |
Date: |
Wed, 24 Jan 2018 14:59:18 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> On Tue, Jan 23, 2018 at 10:20:26AM +0100, Ludovic Courtès wrote:
>> Leo Famulari <address@hidden> skribis:
>>
>> > I'd like to ungraft this on core-updates, even though it's late in the
>> > core-updates cycle. Changing libsndfile requires only ~600 rebuilds per
>> > architecture.
>> >
>> > * gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
>> > * gnu/local.mk (dist_patch_DATA): Add it.
>> > * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
>> > (libsndfile/fixed): New variable.
>>
>> The patch LGTM!
>
> Okay, pushed!
>
>> As for ungrafting, I’ll let you judge. I would really like to merge
>> that branch soon, but I haven’t checked in status over the last couple
>> of days.
>
> The branch is very close to done if you just look at the numbers, but
> there are still some important package failures. But there will be more
> grafts soon enough, so I guess we might as well leave it grafted.
Sounds reasonable.
Ludo’.