On Fri, Sep 02, 2016 at 02:47:35PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
>
> > From 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001
> > From: Leo Famulari
> > Date: Fri, 2 Sep 2016 02:11:49 -0400
> > Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-201
Leo Famulari skribis:
> From 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001
> From: Leo Famulari
> Date: Fri, 2 Sep 2016 02:11:49 -0400
> Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and
> CVE-2016-{6261,6263}].
>
> * gnu/packages/libidn.scm (libidn)[r
The last release of libidn, 1.33, fixed this bugs:
https://security-tracker.debian.org/tracker/CVE-2015-8948
https://security-tracker.debian.org/tracker/CVE-2016-6261
https://security-tracker.debian.org/tracker/CVE-2016-6263
We already have libidn 1.33 on core-updates.
Quoted from the release an
... and the patch.
From 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Fri, 2 Sep 2016 02:11:49 -0400
Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and
CVE-2016-{6261,6263}].
* gnu/packages/libidn.scm (libidn)[replacement]: New f
