On Sat, Nov 26, 2016 at 03:03:46PM -0500, Leo Famulari wrote: > * gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/cyrus-sasl.scm (cyrus-sasl)[replacement]: New field. > (cyrus-sasl/fixed): New variable. > [source]: Use patch.
> diff --git a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch > b/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch > new file mode 100644 > index 0000000..4e79947 > --- /dev/null > +++ b/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch > @@ -0,0 +1,130 @@ > +Fix CVE-2013-4122. > + > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122 > + > +Upstream patch: > +https://cgit.cyrus.foundation/cyrus-sasl/patch/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d I forgot to update this URL to the new repo: https://github.com/cyrusimap/cyrus-sasl/commit/dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d I can't reach the cyrus.foundation repo.
