From: Philip McGrath
Subject: [bug#65482] [PATCH 0/3] gnu: racket: Update to 8.10.
Date: Sat, 2 Sep 2023 21:59:23 -0400
User-agent: Mozilla Thunderbird
tags 65482 + security
quit

On 8/23/23 20:05, Philip McGrath wrote:
> Hi,
>
> In addition to updating Racket to 8.10, this patch series backports fixes merged upstream for rktboot on architectures other than x86_64 and removes a corresponding workaround from the Guix packaging.
>
> Efraim and Tim, I'm CC'ing you because of your recent patches for rktboot on aarch64 and riscv64: it would be great if you could confirm that this series works on those architectures. It would also be useful to test powerpc64le, especially since it is supported via 'pbarch', which takes some different branches.

Apparently Racket 8.10 fixes a notable security vulnerability related to module path parsing. There's an initial post at <https://github.com/racket/racket/issues/4731>, but they're not publishing the details of how to exploit the vulnerability until more people have had a chance to upgrade. (I don't think I fully understand the implications of the issue myself.)
Also, Tim, thanks for testing! I seem not to have gotten your mail, but I saw it on the tracker just now.
Philip