On Fri, 29 Jan 2016 01:01:19 -0500 Leo Famulari <l...@famulari.name> wrote:
> This patch updates harfbuzz to 1.0.6, fixing CVE-2016-2052 [0]. > > However, 587 packages depend on harfbuzz [1]. Where should the patch be > applied? > > [0] > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052 > > [1] > Building the following 199 packages would ensure 388 dependent packages > are rebuilt: avidemux-2.6.10 python-pyqt-5.5 pumpa-0.9.1 [snip] > Leo Famulari (1): > gnu: harfbuzz: Update to 1.0.6 [fixes CVE-2016-2052]. > > gnu/packages/gtk.scm | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > how about the security-updates branch? -- Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted
pgp4kFYgTyiBr.pgp
Description: OpenPGP digital signature