On Sat, Aug 27, 2016 at 11:48:10PM +0200, Ludovic Courtès wrote:
> Hello!
>
> Leo Famulari <l...@famulari.name> skribis:
>
> > On Fri, Aug 26, 2016 at 06:14:26PM -0400, Leo Famulari wrote:
> >> Subject: [PATCH] gnu: flex: Fix CVE-2016-6354.
> >>
> >> * gnu/packages/flex.scm (flex)[replacement]: New field.
> >> (flex/fixed): New variable.
> >> * gnu/packages/patches/flex-CVE-2016-6354.patch: New file.
> >> * gnu/local.mk (dist_patch_DATA): Add it.
> >
> > As Mark pointed out on #guix, bugs in flex's generated code can not be
> > addressed with a graft.
>
> Indeed. We should add this patch to ‘core-updates’ and start building
> it (I haven’t checked the status of the various branches, though.)
Done as eba7fab890. I'm not sure of the overall health of the branch, but I have built some packages from it locally on x86_64. So, the base system seems to be working.