From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 02 14:44:14 2021 Received: (at 47563) by debbugs.gnu.org; 2 Apr 2021 18:44:14 +0000 Received: from localhost ([127.0.0.1]:32849 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lSOmD-0000Om-O9 for submit@debbugs.gnu.org; Fri, 02 Apr 2021 14:44:14 -0400 Received: from mail.zaclys.net ([178.33.93.72]:44729) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lSOmB-0000OW-Hm for 47563@debbugs.gnu.org; Fri, 02 Apr 2021 14:44:12 -0400 Received: from [192.168.1.115] (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 132Ii4Jp002971 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 2 Apr 2021 20:44:04 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 132Ii4Jp002971 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617389045; bh=0VQt4NVYZqb1BGhJyIpbk400HWYKIiIWyKTbw4eTytQ=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=BlhSFbEEuYGB7TyypW193b4dzumCgO0Bi4cZG6IrEDTU1LJP/3COqnDYkeoSnjOAW IVupJ2O+zHfmh+RYWUSUx8PZsYnfvlH77T1szYVxdpIeaniYRZQd5oOAIB/bD+P3OV dl6gTzefygMYIhszzRqa2hRbpSvsTALXK4gRaXdg= Message-ID: <6d54754e99e6dabb669e16b2036485fbaa64b318.camel@zaclys.net> Subject: Re: bug#47563: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890. From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: Leo Famulari , =?ISO-8859-1?Q?L=E9o?= Le Bouter via Bug reports for GNU Guix Date: Fri, 02 Apr 2021 20:43:59 +0200 In-Reply-To: References: <3f93f64c692d9e0604aa406a735d81084443b692.camel@zaclys.net> <20210402140940.28300-1-lle-bout@zaclys.net> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-CnMrqYUJBP4cAC+Lrp2O" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47563 Cc: 47563@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-CnMrqYUJBP4cAC+Lrp2O Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, 2021-04-02 at 14:22 -0400, Leo Famulari wrote: >=20 > Can we try grafting an "upgrade" to 7.76.0? In my experience, most > curl > upgrades are graftable. >=20 > Curl's developers are very careful with their ABI and even maintain > their own page on the subject: If you think that's OK, let's do it! I see indeed from that page there should be no problem. Will send a patch shortly. --=-CnMrqYUJBP4cAC+Lrp2O Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBnZe8ACgkQRaix6GvN EKZRpBAAu0jSyDC45KwphQc0YSZ21i6TpT6IbemgusCv2lCyfaf/uXMYzHWqoi2a D5lh0ll5UnWnRDcElNMjdMpK4dmJ2s88g/7O2XuTiqn+At92u4spmw+KUVsaIngg 582DyP4ebkji47fK2S4BF3vBC73BWrrUPoOizFsZ145hPC1o19+qLm5f82G8bnS1 vPi+alC3Xob62TWZ1PthUX1VJr8rd4SC0mZXNBhM0iTCO2wmUwcJHBCSCnSfohxG DAlAvBsRe849JDDCiOcYQK1Qx/If9EjIXRtafXgid+CzwgygvjUK343Bys1W1y6p pebpd5VGRQNvNmqtOiix03Oxkjlt93FvImDsIIkxwjn5+iKLrBgikNAVlGSiDZr1 7wX4CtjfsFJwnOGdCuoL4/O/WWbet6rcJwxl2SvMPf0mKxJhSAhS4PgWVk5Dm4vm lagmHnw4p7Mb0543VF6Mfc5/WcDg4/P/t0sFBI6CJQ01Kb3JE+9Zo3nnaNcXTXZf AoMn/M1EnnOx8ZjyIA6HslcZJ51V0AmkfNZXeBvZJ8YXXCM/ORUeiHhwJPl+QQo4 qFg53Bsks8DR5ZBRN6OQmW6qHqzVh+0BvrwKOHG3gaOgt0dJ8oXI+6dwOxns7ye6 kiJNWZzo6Vtqup6w3xShmEuZVLHoqoURop6MLIJ//YoYIvVIAuo= =akFM -----END PGP SIGNATURE----- --=-CnMrqYUJBP4cAC+Lrp2O--