[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 02/03: gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168].
From: |
Marius Bakke |
Subject: |
Re: 02/03: gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168]. |
Date: |
Thu, 12 Apr 2018 20:15:10 +0200 |
User-agent: |
Notmuch/0.26.1 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) |
Mark H Weaver <address@hidden> writes:
> Hi Marius,
>
> address@hidden (Marius Bakke) writes:
>
>> mbakke pushed a commit to branch master
>> in repository guix.
>>
>> commit 65bfe30d8a4e930599603f6d835023bbd0dbcb9a
>> Author: Marius Bakke <address@hidden>
>> Date: Thu Apr 12 19:43:31 2018 +0200
>>
>> gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168].
>>
>> * gnu/packages/web.scm (nghttp2): Update to 1.31.1.
>
> Thank you for this, but it would entail far too many builds to update on
> the 'master' branch. 'curl' depends on 'nghttp2'. According to 'guix
> refresh -l', it would require 2839 rebuilds on x86_64.
On 'master', nghttp2 only has 1 dependent, the reverse curl dependency
was added in this 'core-updates'.
Since we haven't started the "full" core-updates on Hydra yet, I figured
it was okay. What do you think?
signature.asc
Description: PGP signature