[bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.

From:	Jelle Licht
Subject:	[bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.
Date:	Mon, 29 May 2023 13:43:24 +0200

Jelle Licht <jlicht@fsfe.org> writes:

> Leo Famulari <leo@famulari.name> writes:
>
>> On Tue, May 25, 2021 at 03:07:05PM -0400, Leo Famulari wrote:
>>> Is there any discussion about this upstream? Why isn't it included in
>>> lz4 yet?
>>
>> I found approval from the lz4 maintainers:
>>
>> https://github.com/lz4/lz4/pull/972#issuecomment-830192743
>> https://github.com/lz4/lz4/pull/972#issuecomment-799719118
>
> It seems there's some uncertainty w.r.t. the validity of the CVE [0],
> but since then a release has been made that pulls the changes discussed
> in issue 972 into lz4 release 1.9.4.

With [0] being: https://github.com/lz4/lz4/issues/1037#issuecomment-1283560779

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520., Jelle Licht, 2023/05/29
- [bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520., Jelle Licht <=

Prev by Date: bug#48893: [PATCH] New package: ack
Next by Date: bug#49294: [PATCH] gnu: po4a: Add perl-yaml-tiny to PERL5LIB
Previous by thread: [bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520.
Next by thread: bug#48893: [PATCH] New package: ack
Index(es):
- Date
- Thread