guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/1] Curl security update (CVE-2016-0755)

From: Leo Famulari
Subject: Re: [PATCH 0/1] Curl security update (CVE-2016-0755)
Date: Wed, 27 Jan 2016 17:30:58 -0500
User-agent: Mutt/1.5.24 (2015-08-30) 
On Wed, Jan 27, 2016 at 09:03:45PM +0100, Andreas Enge wrote:
> On Wed, Jan 27, 2016 at 01:57:22PM -0500, Leo Famulari wrote:
> > This patch updates curl to 7.47.0, fixing CVE-2016-0755 [0][1].
> 
> Ouch!
> 
> guix refresh -l curl
> Building the following 318 packages would ensure 772 dependent packages are 
> rebuilt
> 
> This is about a quarter of all packages.
> 
> > Feel free to apply the patch where appropriate.
> 
> I would suggest the following: Quickly merge core-updates once the packages
> on x86_64 are built (there are not many left, and qt-5 did build successfully
> sequentially, so this could be done tomorrow), then create a new
> security-updates branch with the patch for curl.
> 
> What do you think?

Civodul and mark_weaver discussed how best to apply it on #guix. I think
the plan is to build it in a branch with tomorrow's OpenSSL security
update.

> 
> Andreas
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]