Re: bsdiff package vulnerable to CVE-2020-14315

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bsdiff package vulnerable to CVE-2020-14315

From:	Léo Le Bouter
Subject:	Re: bsdiff package vulnerable to CVE-2020-14315
Date:	Wed, 10 Mar 2021 21:33:32 +0100
User-agent:	Evolution 3.34.2

On Wed, 2021-03-10 at 12:32 -0500, Leo Famulari wrote:
> Well, we could also just remove this package. It sounds like it is
> not
> supported on Linux. Does it offer some unique functionality?

I would advocate for removal of the package, or at least warning about
absence of security patches for security issues at install/show time.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter, 2021/03/10
- Re: bsdiff package vulnerable to CVE-2020-14315, Leo Famulari, 2021/03/10
  - Re: bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter <=
    - Re: bsdiff package vulnerable to CVE-2020-14315, Mark H Weaver, 2021/03/14

Prev by Date: Release 1.2.1: remove clang@3.6?
Next by Date: Release 1.2.1: Cuirass failed to build Haskell 179 packages
Previous by thread: Re: bsdiff package vulnerable to CVE-2020-14315
Next by thread: Re: bsdiff package vulnerable to CVE-2020-14315
Index(es):
- Date
- Thread