Hi Leo,
On 24/06/17 02:41, Leo Famulari wrote:
Our package ocaml-4.01 is vulnerable to CVE-2015-8869, which we patched
in the primary ocaml package in April 2016. Unfortunately, this patch
was not included when the ocaml-4.01 package was created in January
2017.
https://cve.mitre.org/cgi-bin/c
I just tried to update my GuixSD system to commit
c57b56722f6c167c5a285f47802047de85a356ae on master. "guix system build"
failed with the following error:
guix system: error: profile contains conflicting entries for gtk+:out
guix system: error: first entry: gtk+@2.24.31:out
/gnu/store/901ify6f
Leo Famulari writes:
> On Fri, Jun 23, 2017 at 02:36:41PM -0400, Mark H Weaver wrote:
>> Most packages are linked with 'glibc-final' in (gnu packages
>> commencement), and we should expect them to now be linked with *its*
>> replacement. Try this to find the expected glibc-final replacement:
>>
On Sat, Jun 03, 2017 at 12:54:46AM +0200, Ludovic Courtès wrote:
> FAIL: grub_cmd_set_date
[...]
> All in all, I’m tempted to think this has to do with running the tests
> in parallel.
>
> As a stop-gap measure, I’ve committed a change to run tests
> sequentially. With this “guix build grub --
On Fri, Jun 23, 2017 at 02:36:41PM -0400, Mark H Weaver wrote:
> Most packages are linked with 'glibc-final' in (gnu packages
> commencement), and we should expect them to now be linked with *its*
> replacement. Try this to find the expected glibc-final replacement:
>
> ./pre-inst-env guix buil
Leo Famulari writes:
> On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
>> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>>
>> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
>> (glibc-2.25-fixed): New variable.
>> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@
On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>
> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
> (glibc-2.25-fixed): New variable.
> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
>
Our package ocaml-4.01 is vulnerable to CVE-2015-8869, which we patched
in the primary ocaml package in April 2016. Unfortunately, this patch
was not included when the ocaml-4.01 package was created in January
2017.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869
Do we need this olde
Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772:
http://seclists.org/oss-sec/2017/q2/575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772
signature.asc
Description: PGP signature
Hi
When I boot the GuixSD I get this :
" end Kernel panic - not syncing: Attempted to kill init!
exitcode=0x "
I have downloaded this file : https://alpha.gnu.org/gnu/
guix/guixsd-usb-install-0.13.0.x86_64-linux.xz
which is correctly downloaded for my system which has a 64bit cpu .
this
Mike Gerwitz skribis:
> On Thu, Jun 22, 2017 at 21:12:27 +0200, Ludovic Courtès wrote:
>> I think only GNU and kernel.org provide signatures, which represents 6%
>> of our packages. Of the 30% that do not have an updater, surely some
>> have digital signatures, but we’re probably still below 10%
Jonathan Brielmaier skribis:
> Am 22.06.2017 um 23:05 schrieb Ludovic Courtès:
>> Leo Famulari skribis:
>>
>>> On Thu, Jun 22, 2017 at 06:20:54PM +0200, Jonathan Brielmaier wrote:
copying and compiling to
'/gnu/store/ld6h1fc696q6iaxi9pax0khnm747hvgi-guix-latest' with Guile
2.0.12
Leo Famulari writes:
> On Thu, Jun 22, 2017 at 11:45:26PM +0200, Ricardo Wurmus wrote:
>>
>> Mark H Weaver writes:
>>
>> > FWIW, I always check digital signatures when they're available, and I
>> > hope that others will as well, but in practice we are putting our faith
>> > in a large number
13 matches
Mail list logo
