Re: curl security update

Thu, 04 Aug 2016 07:29:24 -0700 

Leo Famulari <l...@famulari.name> skribis:

> There are some new bugs disclosed in curl:
> https://curl.haxx.se/docs/security.html
>
> Grafting the new version seems like the right approach to me when I
> consider libcurl's ABI compatibility policy:
> https://curl.haxx.se/libcurl/abi.html

Sounds good.

> From ef6ae3732facb1eba77e82c6a6066832784bca5d Mon Sep 17 00:00:00 2001
> From: Leo Famulari <l...@famulari.name>
> Date: Wed, 3 Aug 2016 16:13:09 -0400
> Subject: [PATCH] gnu: curl: Replace with 7.50.1 [fixes
>  CVE-2016-{3739,4802,5419,5420,5421].

Strangely ‘guix lint -c cve’ only reports CVE-2016-3739, annoying.

> * gnu/packages/curl.scm (curl)[replacement]: New field.
> (curl-7.50.1): New variable.

LGTM!

Thank you!

Ludo’.

Reply via email to