|
From: | Jack Hill |
Subject: | Re: Expat 2.2.7 with security fixes has been released / CVE-2018-20843 |
Date: | Thu, 11 Jul 2019 19:17:53 -0400 (EDT) |
User-agent: | Alpine 2.20 (DEB 67 2015-01-07) |
On Fri, 28 Jun 2019, Sebastian Pipping wrote:
Hello everyone! Sorry for the noise if you heard about the release of 2.2.7 about a week ago through some other channel and maybe even took action, already! To be quick, there is one DoS fix — for CVE-2018-20843 [1] — and misc build system fixes. The change log with details is up at [2].
Sebastian,I'm pleased to let you know that we've applied the fix for CVE-2018-20843 in GNU Guix as of 5a836ce38c9c29e9c2bd306007347486b90c5064 [0]. We elected to backport the patch that fixed the problem instead of upgrading due to a change in the expat abi with 2.2.7 [1].
Many thanks to Marius Bakke for advice and patience while reviewing the patches.
[0] http://git.savannah.gnu.org/cgit/guix.git/commit/?id=5a836ce38c9c29e9c2bd306007347486b90c5064 [1] https://issues.guix.gnu.org/issue/36424#2 Best, Jack
[Prev in Thread] | Current Thread | [Next in Thread] |