guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/1] gnu: weex: Fix CVE-2005-3150.


From: Leo Famulari
Subject: Re: [PATCH 1/1] gnu: weex: Fix CVE-2005-3150.
Date: Sat, 5 Nov 2016 13:53:18 -0400
User-agent: Mutt/1.7.1 (2016-10-04)

On Sat, Nov 05, 2016 at 10:53:57AM +0000, Marius Bakke wrote:
> Leo Famulari <address@hidden> writes:
> 
> > * gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/ftp.scm (weex)[source]: Use it.
> 
> Wow, an 11 year-old CVE. There is a 2.8.0 release of weex from last year
> on http://weex.sf.net, is that still affected? We have 2.6.15.

And a 2.8.2 release! Updating is a better idea; I didn't realize it was
an option. Done as 2d125a9b21306919e6123f76c0970988b14dadcf

If your to-do list needs more entries, you can try increasing the values
of 'past-years' and 'past-ttls' in (guix cve).

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]