[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.
From: |
Leo Famulari |
Subject: |
[bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520. |
Date: |
Tue, 25 May 2021 15:07:05 -0400 |
On Tue, May 25, 2021 at 08:24:07PM +0200, Solene Rapenne via Guix-patches via
wrote:
> This imports a patch that is not committed upstream yet
> but pending for merge on github
>
> https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
>
> This is already widely used in many distributions distributing lz4
>
> ---
> gnu/packages/compression.scm | 7 +++++--
> gnu/packages/patches/lz4-CVE-2021-3520.patch | 15 +++++++++++++++
When adding a new patch file, you have to register it in 'gnu/local.mk'.
Is there any discussion about this upstream? Why isn't it included in
lz4 yet?