[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: jq: Fix CVE-2015-8863.
From: |
Leo Famulari |
Subject: |
Re: [PATCH] gnu: jq: Fix CVE-2015-8863. |
Date: |
Thu, 11 Aug 2016 15:44:59 -0400 |
User-agent: |
Mutt/1.6.0 (2016-04-01) |
On Thu, Aug 11, 2016 at 05:11:02PM +0200, Jelle Licht wrote:
> Hello,
>
> Attached patch backports the commit[0] for jq that fixed the vulnerability
> referred to as CVE-2015-8863[1]. Some feedback would be welcome.
>
> - Jelle
>
> * gnu/packages/patches/jq-CVE-2015-8863.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/web.scm (jq): Add it.
Thank you for paying attention to this! I added a comment to the patch
file with links to the MITRE page and to the source of the patch. I
think this having this information about the patch is helpful.
Pushed as f2b4c18cd96a69e375d7d9b5ad1c09f8fc065571.