diff options
author | Jelle Licht <jlicht@fsfe.org> | 2016-08-11 17:02:41 +0200 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-08-11 15:42:32 -0400 |
commit | f2b4c18cd96a69e375d7d9b5ad1c09f8fc065571 (patch) | |
tree | 5cc3181c3004df7937ddae75f5ec52ee51c08bf7 /gnu/packages/web.scm | |
parent | e08ca4b9665a2ed35da04e450eb34c3975c05059 (diff) | |
download | guix-f2b4c18cd96a69e375d7d9b5ad1c09f8fc065571.tar guix-f2b4c18cd96a69e375d7d9b5ad1c09f8fc065571.tar.gz |
gnu: jq: Fix CVE-2015-8863.
* gnu/packages/patches/jq-CVE-2015-8863.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web.scm (jq)[source]: Use it.
Signed-off-by: Leo Famulari <leo@famulari.name>
Diffstat (limited to 'gnu/packages/web.scm')
-rw-r--r-- | gnu/packages/web.scm | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index fa791ffbe1..9106295061 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -3293,7 +3293,11 @@ It uses the uwsgi protocol for all the networking/interprocess communications.") "/" name "-" version ".tar.gz")) (sha256 (base32 - "0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4")))) + "0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4")) + ;; This patch has been pushed and the vulnerability will be + ;; fixed in the next release after 1.5. + ;; https://github.com/stedolan/jq/issues/995 + (patches (search-patches "jq-CVE-2015-8863.patch")))) (inputs `(("oniguruma" ,oniguruma))) (native-inputs |