On Wed, Jul 19, 2017 at 07:04:53PM +0800, Alex Vong wrote: > Here is the updated patch: > > From 33ae64ead2031e7707639302977d31487e992660 Mon Sep 17 00:00:00 2001 > From: Alex Vong > Date: Wed, 19 Jul 2017 17:01:47 +0800 > Subject: [PATCH] gnu: heimdal: Fix CVE-2017-{6594,11103}. > > * gnu/packages/patches/heimdal-CVE-2017-6594.patch, > gnu/packages/patches/heimdal-CVE-2017-11103.patch: New files. > * gnu/local.mk (dist_patch_DATA): Add them. > * gnu/packages/kerberos.scm (heimdal)[source]: Use them. Thanks! I recreated the commit since the patch no longer applied to 'gnu/local.mk' and pushed as 81c35029d4ee4fa7cd517998844229a514b35531. I'm leaving this bug open for now so we can discuss the update. By the way everyone, the vulnerability disclosure / promotion web page, , has a nice primer on the bug (warning, the page plays music automatically). Thanks for including that, Alex.