[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/1] gnu: weex: Fix CVE-2005-3150.
From: |
Leo Famulari |
Subject: |
Re: [PATCH 1/1] gnu: weex: Fix CVE-2005-3150. |
Date: |
Sat, 5 Nov 2016 13:53:18 -0400 |
User-agent: |
Mutt/1.7.1 (2016-10-04) |
On Sat, Nov 05, 2016 at 10:53:57AM +0000, Marius Bakke wrote:
> Leo Famulari <address@hidden> writes:
>
> > * gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/ftp.scm (weex)[source]: Use it.
>
> Wow, an 11 year-old CVE. There is a 2.8.0 release of weex from last year
> on http://weex.sf.net, is that still affected? We have 2.6.15.
And a 2.8.2 release! Updating is a better idea; I didn't realize it was
an option. Done as 2d125a9b21306919e6123f76c0970988b14dadcf
If your to-do list needs more entries, you can try increasing the values
of 'past-years' and 'past-ttls' in (guix cve).
signature.asc
Description: PGP signature