[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.
From: |
Mark H Weaver |
Subject: |
Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674. |
Date: |
Wed, 26 Oct 2016 05:25:06 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Kei Kebreau <address@hidden> writes:
> Mark H Weaver <address@hidden> writes:
>
>> Leo Famulari <address@hidden> writes:
>>
>>> On Tue, Oct 25, 2016 at 12:53:28PM -0400, Kei Kebreau wrote:
>>>> Fix for
>>>> https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/.
>>>
>>>> From 97312c3c9e13688081aa513d1c94a9fff1274f75 Mon Sep 17 00:00:00 2001
>>>> From: Kei Kebreau <address@hidden>
>>>> Date: Tue, 25 Oct 2016 12:49:52 -0400
>>>> Subject: [PATCH] gnu: mupdf: Fix CVE-2016-8674.
>>>>
>>>> * gnu/packages/patches/mupdf-CVE-2016-8674.patch: New file.
>>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>>> * gnu/packages/pdf.scm (mupdf): Use it.
>>>
>>> Thank you, please push!
>>
>> mupdf-CVE-2016-8674.patch fails to apply:
>>
>> https://hydra.gnu.org/build/1581228/nixlog/2/tail-reload
>>
>> Kei, did you test this?
>>
>> Mark
> I did not. It was a bad slip up, as I tested all of the rest of my
> patches today. I'll be significantly more careful with future security
> commits.
>
> Is it frowned upon to revert that commit on its own (it's the third to
> last commit as I write this), or should I attempt to patch on top of it?
Either way is fine with me.
Thanks!
Mark