diff options
author | Alex Vong <alexvong1995@gmail.com> | 2017-02-11 22:58:19 +0800 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-02-12 22:29:36 +0100 |
commit | ed7732bc625585e6ec51c6f60716c8a6a916082b (patch) | |
tree | 75d87e321c63083702778fbc71c1cfa24020f86e | |
parent | e4f43bc517a5ccf181f23072da4544c6437d92ae (diff) |
gnu: lcms: Mention CVE-2016-10165.
* gnu/packages/patches/lcms-fix-out-of-bounds-read.patch: Rename to ...
* gnu/packages/patches/lcms-CVE-2016-10165.patch: ... this.
* gnu/local.mk (dist_patch_DATA): Adjust.
* gnu/packages/ghostscript.scm (lcms)[source]: Use renamed patch.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
-rw-r--r-- | gnu/local.mk | 3 | ||||
-rw-r--r-- | gnu/packages/ghostscript.scm | 2 | ||||
-rw-r--r-- | gnu/packages/patches/lcms-CVE-2016-10165.patch (renamed from gnu/packages/patches/lcms-fix-out-of-bounds-read.patch) | 4 |
3 files changed, 6 insertions, 3 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 753c0ef053..af9dfff0f8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -9,6 +9,7 @@ # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org> # Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net> # Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com> +# Copyright © 2016, 2017 Alex Vong <alexvong1995@gmail.com> # # This file is part of GNU Guix. # @@ -656,7 +657,7 @@ dist_patch_DATA = \ %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch \ %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch \ %D%/packages/patches/laby-make-install.patch \ - %D%/packages/patches/lcms-fix-out-of-bounds-read.patch \ + %D%/packages/patches/lcms-CVE-2016-10165.patch \ %D%/packages/patches/ldc-disable-tests.patch \ %D%/packages/patches/ldc-1.1.0-disable-dmd-tests.patch \ %D%/packages/patches/ldc-1.1.0-disable-phobos-tests.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 4b8e62348c..826a2fc374 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -45,7 +45,7 @@ (method url-fetch) (uri (string-append "mirror://sourceforge/lcms/lcms/" version "/lcms2-" version ".tar.gz")) - (patches (search-patches "lcms-fix-out-of-bounds-read.patch")) + (patches (search-patches "lcms-CVE-2016-10165.patch")) (sha256 (base32 "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36")))) (build-system gnu-build-system) diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch index d9f7ac6a36..fa4d75c9ee 100644 --- a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch +++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch @@ -1,7 +1,9 @@ -Fix an out-of-bounds heap read in Type_MLU_Read(): +Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read(): +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165 http://seclists.org/oss-sec/2016/q3/288 https://bugzilla.redhat.com/show_bug.cgi?id=1367357 +https://security-tracker.debian.org/tracker/CVE-2016-10165 Patch copied from upstream source repository: |