aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages
diff options
context:
space:
mode:
authorAlex Vong <alexvong1995@gmail.com>2017-02-11 22:58:19 +0800
committerMarius Bakke <mbakke@fastmail.com>2017-02-12 22:29:36 +0100
commited7732bc625585e6ec51c6f60716c8a6a916082b (patch)
tree75d87e321c63083702778fbc71c1cfa24020f86e /gnu/packages
parente4f43bc517a5ccf181f23072da4544c6437d92ae (diff)
downloadguix-ed7732bc625585e6ec51c6f60716c8a6a916082b.tar
guix-ed7732bc625585e6ec51c6f60716c8a6a916082b.tar.gz
gnu: lcms: Mention CVE-2016-10165.
* gnu/packages/patches/lcms-fix-out-of-bounds-read.patch: Rename to ... * gnu/packages/patches/lcms-CVE-2016-10165.patch: ... this. * gnu/local.mk (dist_patch_DATA): Adjust. * gnu/packages/ghostscript.scm (lcms)[source]: Use renamed patch. Signed-off-by: Marius Bakke <mbakke@fastmail.com>
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/ghostscript.scm2
-rw-r--r--gnu/packages/patches/lcms-CVE-2016-10165.patch (renamed from gnu/packages/patches/lcms-fix-out-of-bounds-read.patch)4
2 files changed, 4 insertions, 2 deletions
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 4b8e62348c..826a2fc374 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -45,7 +45,7 @@
(method url-fetch)
(uri (string-append "mirror://sourceforge/lcms/lcms/" version
"/lcms2-" version ".tar.gz"))
- (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
+ (patches (search-patches "lcms-CVE-2016-10165.patch"))
(sha256 (base32
"08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
(build-system gnu-build-system)
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch
index d9f7ac6a36..fa4d75c9ee 100644
--- a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
+++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch
@@ -1,7 +1,9 @@
-Fix an out-of-bounds heap read in Type_MLU_Read():
+Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
http://seclists.org/oss-sec/2016/q3/288
https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+https://security-tracker.debian.org/tracker/CVE-2016-10165
Patch copied from upstream source repository: