[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 0/1] curl: Fix CVE-2016-3739.
From: |
Leo Famulari |
Subject: |
Re: [PATCH 0/1] curl: Fix CVE-2016-3739. |
Date: |
Mon, 13 Jun 2016 12:14:14 -0400 |
User-agent: |
Mutt/1.6.0 (2016-04-01) |
On Mon, Jun 13, 2016 at 03:42:47PM +0000, ng0 wrote:
> From the way it was done in Gentoo, I assume this is not needed?
> mbedtls is a separate package, and I have libressl as the curlssl provider,
> which is a curl built against libressl.
>
> If I am wrong, correct me.
> My initial comment was a bit out of place, but I just assume it will
> justwork™ on guix, otherwise a curl-with-mbedtls would have to be
> created.
>
> Sorry for the confusion.
I think the confusion was mine. Unless Hiawatha requires a curl linked
against mbedTLS, I don't think there will be any problem with
CVE-2016-3739 and Hiawatha.