summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/packages/gtk.scm22
1 files changed, 22 insertions, 0 deletions
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 0d1e76373c..d7c18f90e1 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -427,6 +427,7 @@ highlighting and other features typical of a source code editor.")
(define-public gdk-pixbuf
(package
(name "gdk-pixbuf")
+ (replacement gdk-pixbuf-2.36.10)
(version "2.36.6")
(source (origin
(method url-fetch)
@@ -483,6 +484,7 @@ in the GNOME project.")
(define-public gdk-pixbuf+svg
(package (inherit gdk-pixbuf)
(name "gdk-pixbuf+svg")
+ (replacement gdk-pixbuf+svg-2.36.10)
(inputs
`(("librsvg" ,librsvg)
,@(package-inputs gdk-pixbuf)))
@@ -506,6 +508,26 @@ in the GNOME project.")
(synopsis
"GNOME image loading and manipulation library, with SVG support")))
+;; Graft replacement packages to fix these vulnerabilities.
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
+(define-public gdk-pixbuf-2.36.10
+ (package (inherit gdk-pixbuf)
+ (version "2.36.A")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnome/sources/gdk-pixbuf/2.36/"
+ "gdk-pixbuf-2.36.10.tar.xz"))
+ (sha256
+ (base32
+ "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq"))))))
+
+(define-public gdk-pixbuf+svg-2.36.10
+ (package (inherit gdk-pixbuf+svg)
+ (version "2.36.A")
+ (source (origin (inherit (package-source gdk-pixbuf-2.36.10))))))
+
(define-public at-spi2-core
(package
(name "at-spi2-core")