Re: bsdiff package vulnerable to CVE-2020-14315

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bsdiff package vulnerable to CVE-2020-14315

From:	Mark H Weaver
Subject:	Re: bsdiff package vulnerable to CVE-2020-14315
Date:	Sun, 14 Mar 2021 17:31:00 -0400

Léo Le Bouter <lle-bout@zaclys.net> writes:

> On Wed, 2021-03-10 at 12:32 -0500, Leo Famulari wrote:
>> Well, we could also just remove this package. It sounds like it is
>> not
>> supported on Linux. Does it offer some unique functionality?
>
> I would advocate for removal of the package, or at least warning about
> absence of security patches for security issues at install/show time.

For the record, Léo removed this package in commit
373c7b5791acd8f377455be47260948b843dd5db on the 'master' branch.

      Mark

[Prev in Thread]

Current Thread

[Next in Thread]

bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter, 2021/03/10
- Re: bsdiff package vulnerable to CVE-2020-14315, Leo Famulari, 2021/03/10
  - Re: bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter, 2021/03/10
    - Re: bsdiff package vulnerable to CVE-2020-14315, Mark H Weaver <=

Prev by Date: Re: Examples on why ungrafting is necessary
Next by Date: Re: Guile Netlink 1.0 released
Previous by thread: Re: bsdiff package vulnerable to CVE-2020-14315
Next by thread: Re: 05/07: inferior: Fix concurrent cached-profile calls.
Index(es):
- Date
- Thread