Re: bsdiff package vulnerable to CVE-2020-14315

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bsdiff package vulnerable to CVE-2020-14315

From:	Leo Famulari
Subject:	Re: bsdiff package vulnerable to CVE-2020-14315
Date:	Wed, 10 Mar 2021 12:32:12 -0500

On Wed, Mar 10, 2021 at 09:49:57AM +0100, Léo Le Bouter wrote:
> A patch exists from FreeBSD: 
> https://www.freebsd.org/security/patches/SA-16:29/bspatch.patch - but
> it needs non-trivial porting since FreeBSD seems to have diverged in
> important ways from the source tree we use.
> 
> Debian, Fedora, Gentoo, Arch Linux, Void Linux, none have fixed this
> CVE yet due to missing readily usable patch.

Well, we could also just remove this package. It sounds like it is not
supported on Linux. Does it offer some unique functionality?

[Prev in Thread]

Current Thread

[Next in Thread]

bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter, 2021/03/10
- Re: bsdiff package vulnerable to CVE-2020-14315, Leo Famulari <=
  - Re: bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter, 2021/03/10
    - Re: bsdiff package vulnerable to CVE-2020-14315, Mark H Weaver, 2021/03/14

Prev by Date: Re: Generate diff with git-diff and use in patches field of packages
Next by Date: Re: Generate diff with git-diff and use in patches field of packages
Previous by thread: bsdiff package vulnerable to CVE-2020-14315
Next by thread: Re: bsdiff package vulnerable to CVE-2020-14315
Index(es):
- Date
- Thread