From debbugs-submit-bounces@debbugs.gnu.org Thu Jan 11 17:33:30 2018 Received: (at 30061-done) by debbugs.gnu.org; 11 Jan 2018 22:33:30 +0000 Received: from localhost ([127.0.0.1]:52642 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eZlPe-0005zL-GK for submit@debbugs.gnu.org; Thu, 11 Jan 2018 17:33:30 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:36923) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eZlPa-0005zB-KN for 30061-done@debbugs.gnu.org; Thu, 11 Jan 2018 17:33:29 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 15C0F20B97; Thu, 11 Jan 2018 17:33:26 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Thu, 11 Jan 2018 17:33:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=fKqECr/UP996vkMB2tSagW7/fi8sKb3F3bt/vMDe6+g=; b=TUD1H KRi3V2VCrWAJRsD21KCqWZaZ+Dx1kY1CYRX4Y1eBxIRh4gjNi1e4fL92xAYqGxI/ B6d0VzeRLI+Z9ITE27trcCkBSiu87LAWftdYgEGnPczCgTjpMpOh/9ow0agBcIyY FkTW5QPAutR9bpCK9aMSKV67TwdpnSqPexVr4E= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=fKqECr/UP996vkMB2tSagW7/fi8sK b3F3bt/vMDe6+g=; b=IQtqhoGCYFAbSbFjND0hXWMGxUoJtIVtPnJjtNydPB+h9 DnSNGzlyJKtJoLvZrv1555NsLQr0o6yBiEW5XOCYaOSvXBWwJ5k7fSF+tqBMtB3R dG6ufuywr/ehhjFnVSERZJ9bFoP0/H3WBvJR2W2lfWwcgILtHNdNMk10T82Q+t+Q /A5c6QUYSG9uNnbnjo3N9I8Th/SqdeMrYEo4qS/9j12kHTttv+c1z4XjTJOKzEU+ QY36Wyy63S6iPUCjRLSQexLcLCe6/r9f1i46MTQaJi8v+8ZsVvA7kCo425yzKV5Y 7TG4G+ww/NVPrH127TyxkmIqQzgbWoa+IO4FPSElw== X-ME-Sender: Received: from localhost (unknown [162.208.95.194]) by mail.messagingengine.com (Postfix) with ESMTPA id 760027E335; Thu, 11 Jan 2018 17:33:25 -0500 (EST) Date: Thu, 11 Jan 2018 14:33:22 -0800 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: [bug#30061] [PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}. Message-ID: <20180111223322.GA12238@jasmine.lan> References: <9a94afdf5d9bcc8a61f31acdf346bbab1f44307f.1515575258.git.leo@famulari.name> <87h8rsnl4i.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G" Content-Disposition: inline In-Reply-To: <87h8rsnl4i.fsf@gnu.org> User-Agent: Mutt/1.9.2 (2017-12-15) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 30061-done Cc: 30061-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 11, 2018 at 10:25:33PM +0100, Ludovic Court=C3=A8s wrote: > Hi, >=20 > Leo Famulari skribis: >=20 > > * gnu/packages/patches/libvorbis-CVE-2017-14632.patch, > > gnu/packages/patches/libvorbis-CVE-2017-14633.patch: New files. > > * gnu/local.mk (dist_patch_DATA): Add them. > > * gnu/packages/xiph.scm (libvorbis)[replacement]: New field. > > (libvorbis/fixed): New variable. >=20 > LGTM. Pushed as 138c08899ba73049de8afd2b74a8cf6845a1d9e1 > On =E2=80=98core-updates=E2=80=99, should we perform a rebuild instead of= grafting? Yes, I merged master into core-updates and ungrafted libvorbis in e6ebc7b13225f0eddc404b7d8e136120b962181e --k1lZvvs/B4yU6o8G Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlpX5jIACgkQJkb6MLrK fwjXeA//QpH4EHthoNVDzlsLhf+xSUKWTh5zTRkRR5hQZPlikKEqJB9gDrMVv71Z 06HY2f9Yz2W8b+vxsBPFo6tYeiVOyUZ3LrK3CbejYNo82LO84NGGJZteakwIL7cz MftHSZgEPmZSD82KVqfDPL/As3+BsKBmi/U6FE1DnKEdBLtsERgq7ErCD5GdLpnb 94l1uFLONTQymO4FOwafaGbOGCPBUdk1rcnx2mTZgmuo6RgkcblRq719rPk/RXIC aIab0ovTaM4A3hATXn20yfPVaPylb1xZpU/Pu0Q6P67gX5Ln1X8J9TfaVi60+Oz/ VUF2Hy0OvmVukvmHS4KnhO92ixIDQOgpMnC1pMEhyEVTZMr7B6Ni1eKWav9EAhUz iDUL9li/jHnqbKQWFW/3zs2lqC0jgSn+1yUxGOTKRWLj7sxC0L7Bdcp+DGH86sU/ kDaMFZ6iFY+HfcXKh/5WcOYJjm4p5Su1QeKKwQpdkJLmIuYUSkmf8pwXYkzZ5486 hR7KOjMimEXH5jOHrQsCAO3EgS83l3K+M6tWx9yORmZvuMDKi6I9+wJ3bh+GKAVF pHRvSMfP2psrEvuHy15Ecmnsui1HyiohFfE7aJGSPpUqNm9UTKG0PVhv3tK4UwL9 OpW05WDJxqJfo1u9dF4+P1Amm2+M7MkYjShym9lkBvnSKliHn5I= =thrW -----END PGP SIGNATURE----- --k1lZvvs/B4yU6o8G--