emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#54604: closed ([PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-2

From: GNU bug Tracking System
Subject: bug#54604: closed ([PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].)
Date: Wed, 04 Jan 2023 18:02:02 +0000 
Your message dated Wed, 4 Jan 2023 13:01:30 -0500
with message-id <Y7W++q4TRRsWWioj@jasmine.lan>
and subject line Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes 
CVE-2018-25032].
has caused the debbugs.gnu.org bug report #54604,
regarding [PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
54604: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=54604
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: [PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032]. Date: Mon, 28 Mar 2022 00:06:59 -0400 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://seclists.org/oss-sec/2022/q1/191

* gnu/packages/compression.scm (zlib)[replacement]: New field.
(zlib-1.2.12): New variable.
---
 gnu/packages/compression.scm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 3edaecd951..2287c755b4 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -98,6 +98,7 @@ (define-module (gnu packages compression)
 (define-public zlib
   (package
     (name "zlib")
+    (replacement zlib-1.2.12)
     (version "1.2.11")
     (source
      (origin
@@ -148,6 +149,21 @@ (define-public zlib
 in compression.")
     (license license:zlib)))
 
+(define-public zlib-1.2.12
+  (package
+    (inherit zlib)
+    (version "1.2.12")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (list (string-append "http://zlib.net/zlib-";
+                                 version ".tar.gz")
+                 (string-append "mirror://sourceforge/libpng/zlib/"
+                                version "/zlib-" version ".tar.gz")))
+      (sha256
+       (base32
+        "1n9na4fq4wagw1nzsfjr6wyly960jfa94460ncbf6p1fac44i14i"))))))
+
 (define-public minizip
   (package
     (name "minizip")
-- 
2.34.0

--- End Message ---
--- Begin Message --- Subject: Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032]. Date: Wed, 4 Jan 2023 13:01:30 -0500 
On Tue, Jan 03, 2023 at 05:31:04PM -0500, Maxim Cournoyer wrote:
> Ping!  Feel free to apply it.

Pushed as c2c93abd18c37f438006cded8124ff0a32a0e4a7

I forgot about it, sorry!

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]