bug#47144: security patching of 'patch' package

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47144: security patching of 'patch' package

From:	Maxim Cournoyer
Subject:	bug#47144: security patching of 'patch' package
Date:	Tue, 22 Mar 2022 23:03:47 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hi,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> skribis:
>
>> * gnu/packages/base.scm (patch/fixed): New variable.
>> (patch)[replacement]: Graft.
>
> It’s (almost) useless to provide a graft of ‘patch’ because patch is
> usually a build-time only dependency.  (Maybe we can tell it’s not
> vulnerable to the issues at hand because in that context it’s always
> given controlled input: the package patches.)
>
> What could be useful is to provide a second version of patch so that
> people running ‘guix install patch’ or similar get the newer version.

The latest release of patch is the one we have, v2.7.6, made 4 years
ago.

Thanks,

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47144: security patching of 'patch' package, Maxim Cournoyer <=

Prev by Date: bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293
Next by Date: bug#47019: Rust 1.26.2 from the master branch fails to build on aarch64-linux
Previous by thread: bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293
Next by thread: bug#47019: Rust 1.26.2 from the master branch fails to build on aarch64-linux
Index(es):
- Date
- Thread