[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27370: [PATCH] gnu: libtiff: Fix several bugs related to improper co
|
From: |
Leo Famulari |
|
Subject: |
bug#27370: [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. |
|
Date: |
Thu, 15 Jun 2017 11:52:29 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Thu, Jun 15, 2017 at 10:13:43AM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
>
> > Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and
> > the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'.
> >
> > * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it.
>
> LGTM. ‘guix lint -c cve’ will keep complaining, but I guess splitting
> the patch in one patch per CVE might be hard and not worth the effort.
> Thoughts?
The long list of bugs has a single root cause and fix, so there is only
one patch.
> Could you apply them to ‘core-updates’ as well?
Sure, done!
signature.asc
Description: PGP signature