Re: cairo CVE-2016-9082

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cairo CVE-2016-9082

From:	Leo Famulari
Subject:	Re: cairo CVE-2016-9082
Date:	Mon, 28 Nov 2016 22:06:41 -0500
User-agent:	Mutt/1.7.1 (2016-10-04)

On Mon, Nov 28, 2016 at 09:30:53PM +0200, Efraim Flashner wrote:
> The previous patch somehow stopped working for me, and I was getting
> complaints about unbound variable cairo/fixed, so I rewrote the patch to
> have every cairo use the patch separately.

Thanks for taking on this tricky bug fix!

> diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch 
> b/gnu/packages/patches/cairo-CVE-2016-9082.patch

Please add a link to the patch source in the patch file. I know it can
be found in the linked bug report, but it does help readers to be
explicit, in my opinion.

Otherwise LGTM.

The patch is not in the cairo repo yet, AFAICT:

https://cgit.freedesktop.org/cairo/

But, Debian did use it:

https://anonscm.debian.org/cgit/collab-maint/cairo.git/tree/debian/patches/07_CVE-2016-9082.patch

Can you follow the upstream resolution of the bug in case they decide to
use a different patch?

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

cairo CVE-2016-9082, Efraim Flashner, 2016/11/28
- Re: cairo CVE-2016-9082, Efraim Flashner, 2016/11/28
  - Re: cairo CVE-2016-9082, Kei Kebreau, 2016/11/28
  - Re: cairo CVE-2016-9082, Leo Famulari <=
    - Re: cairo CVE-2016-9082, Efraim Flashner, 2016/11/29

Prev by Date: Re: [PATCH 0/1] Libarchive 3.2.2 update
Next by Date: Re: (Exposing?) config files and non-start/stop operations
Previous by thread: Re: cairo CVE-2016-9082
Next by thread: Re: cairo CVE-2016-9082
Index(es):
- Date
- Thread