guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

From: Marius Bakke
Subject: Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
Date: Fri, 13 Jan 2017 14:20:27 +0100
User-agent: Notmuch/0.23.4 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu) 
Ludovic Courtès <address@hidden> writes:

> Leo Famulari <address@hidden> skribis:
>
>> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>>> Leo Famulari <address@hidden> writes:
>>> 
>>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>>> >> (ed)[replacement]: New field.
>>> >
>>> > Can you add a comment with a link to the bug report?
>>> >
>>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
>>> 
>>> Good find. I wonder, was this issue only present in the unreleased
>>> 1.14.0? I can't reproduce it with the current Guix version.
>>
>> Good catch; I can only reproduce it with 1.14, and the ed maintainer
>> points out that it was introduced in 1.14.
>>
>>> I'll wait and see what the response on oss-sec is. Maybe we can just
>>> push the update to core-updates.
>>
>> I think it's fine for core-updates.
>
> With 200 dependent packages, it could even go to ‘master’.
>
>   https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html

When I first built it on 'master', Guix went ahead and downloaded the
bootstrap binaries, so I suspect `guix refresh` fails to recognize the
full scope of this update.

'ed' is used as a native-input for 'patch', could that be related?

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]