guix-devel

Re: [PATCH] gnu: linux-pam: Update to 1.3.0.


From: David Craven
Subject: Re: [PATCH] gnu: linux-pam: Update to 1.3.0.
Date: Sun, 28 Aug 2016 22:21:46 +0200

> “XXX” is fine here, because it may be impossible for us to fix it.

Ah ok.

> I think this part should indeed be a separate patch.  Also, Flex should
> be ‘native-inputs’ presumably, whereas Cracklib should be in ‘inputs’.

Already realized it, and pushed to core-updates as
7483230f17880c1cd50d1de53496dc1ececebbb8
25d1b3107fc7ebdc155649722fc257f4dbc4b04a

and Leo already commented on a related security issue and is reverting
the second commit:

> For CVE-2016-6318, the disclosure message pointed out that if
> cracklib is compiled without the FORTIFY_SOURCE compiler flag, the bug
> can result in code execution and privilege escalation.


