[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47563: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890.
From: |
Leo Famulari |
Subject: |
bug#47563: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890. |
Date: |
Fri, 2 Apr 2021 14:22:06 -0400 |
On Fri, Apr 02, 2021 at 04:09:39PM +0200, Léo Le Bouter via Bug reports for GNU
Guix wrote:
> curl-CVE-2021-22876.patch was rebased onto 7.74.0, but
> curl-CVE-2021-22890.patch
> does not apply and please I need help rebasing it, it looks quite complex.
>
> I pushed an upgrade of curl to 7.76.0 which has been much much easier to
> core-updates already as
> https://git.savannah.gnu.org/cgit/guix.git/commit/?h=core-updates&id=2e0b1b62e94b926041ca9af70537dd9b3ab64edf
> but unfortunately since curl requires so many rebuilds it seems we can't use
> such commit on master for now.
Can we try grafting an "upgrade" to 7.76.0? In my experience, most curl
upgrades are graftable.
Curl's developers are very careful with their ABI and even maintain
their own page on the subject: <https://curl.se/libcurl/abi.html>