Re: [PATCH 0/1] Fix CVE-2015-{8629, 8630, 8631}

[Leo Famulari]

On Thu, Feb 04, 2016 at 08:13:18PM -0500, Mark H Weaver wrote:
> Leo Famulari  writes:
> 
> > These are upstream patches, also applied by Debian:
> > https://security-tracker.debian.org/tracker/CVE-2015-8629
> 
> Thanks for this, but I already updated mit-krb5 and applied fixes for
> these CVEs on the new 'security-updates' branch about 17 hours ago.
> 
> I'm sorry that your effort was wasted.

It's okay. Your version is much better!

> 
>  Mark

[PATCH 0/1] Fix CVE-2015-{8629, 8630, 8631}

[Leo Famulari]

These are upstream patches, also applied by Debian:
https://security-tracker.debian.org/tracker/CVE-2015-8629

Can somebody that actually uses mit-krb5 test and push? Or if you'd
rather just push, feel free.

By the way, I'm curious about this package's unusual method of applying
patches. Does anyone have any insight? I read the git history but it
doesn't give much detail on why the "normal" method doesn't work.

Leo Famulari (1):
  gnu: mit-krb5: Fix CVE-2015-{8629, 8630, 8631}.

 gnu-system.am |   3 +
 gnu/packages/mit-krb5.scm |   6 +-
 gnu/packages/patches/mit-krb5-CVE-2015-8629.patch |  29 ++
 gnu/packages/patches/mit-krb5-CVE-2015-8630.patch |  59 +++
 gnu/packages/patches/mit-krb5-CVE-2015-8631.patch | 550 ++
 5 files changed, 646 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/mit-krb5-CVE-2015-8629.patch
 create mode 100644 gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
 create mode 100644 gnu/packages/patches/mit-krb5-CVE-2015-8631.patch

-- 
2.6.3

Re: [PATCH 0/1] Fix CVE-2015-{8629, 8630, 8631}

[Mark H Weaver]

Leo Famulari  writes:

> These are upstream patches, also applied by Debian:
> https://security-tracker.debian.org/tracker/CVE-2015-8629

Thanks for this, but I already updated mit-krb5 and applied fixes for
these CVEs on the new 'security-updates' branch about 17 hours ago.

I'm sorry that your effort was wasted.

 Mark