guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Expat 2.2.7 with security fixes has been released / CVE-2018-20843

From: Jack Hill
Subject: Re: Expat 2.2.7 with security fixes has been released / CVE-2018-20843
Date: Thu, 11 Jul 2019 19:17:53 -0400 (EDT)
User-agent: Alpine 2.20 (DEB 67 2015-01-07) 
On Fri, 28 Jun 2019, Sebastian Pipping wrote:


Hello everyone!

Sorry for the noise if you heard about the release of 2.2.7 about a week
ago through some other channel and maybe even took action, already!

To be quick, there is one DoS fix — for CVE-2018-20843 [1] — and misc
build system fixes.  The change log with details is up at [2].


Sebastian,
I'm pleased to let you know that we've applied the fix for CVE-2018-20843 in GNU Guix as of 5a836ce38c9c29e9c2bd306007347486b90c5064 [0]. We elected to backport the patch that fixed the problem instead of upgrading due to a change in the expat abi with 2.2.7 [1].
Many thanks to Marius Bakke for advice and patience while reviewing the patches. 

[0] 
http://git.savannah.gnu.org/cgit/guix.git/commit/?id=5a836ce38c9c29e9c2bd306007347486b90c5064
[1] https://issues.guix.gnu.org/issue/36424#2

Best,
Jack
reply via email to
[Prev in Thread] Current Thread [Next in Thread]