guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#65482] [PATCH 0/3] gnu: racket: Update to 8.10.

From: Philip McGrath
Subject: [bug#65482] [PATCH 0/3] gnu: racket: Update to 8.10.
Date: Sat, 2 Sep 2023 21:59:23 -0400
User-agent: Mozilla Thunderbird 
tags 65482 + security
quit

On 8/23/23 20:05, Philip McGrath wrote:

Hi,

In addition to updating Racket to 8.10, this patch series backports fixes
merged upstream for rktboot on architectures other than x86_64 and removes
a corresponding workaround from the Guix packaging.

Efraim and Tim, I'm CC'ing you because of your recent patches for rktboot on
aarch64 and riscv64: it would be great if you could confirm that this series
works on those architectures. It would also be useful to test powerpc64le,
especially since it is supported via 'pbarch', which takes some different
branches.
Apparently Racket 8.10 fixes a notable security vulnerability related to module path parsing. There's an initial post at <https://github.com/racket/racket/issues/4731>, but they're not publishing the details of how to exploit the vulnerability until more people have had a chance to upgrade. (I don't think I fully understand the implications of the issue myself.)
Also, Tim, thanks for testing! I seem not to have gotten your mail, but I saw it on the tracker just now. 

Philip
reply via email to
[Prev in Thread] Current Thread [Next in Thread]