| Message ID | 20210130042045.16727-1-rprior@protonmail.com |
|---|---|
| Headers | show
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 7816527BC1F; Sat, 30 Jan 2021 04:22:12 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D02B727BC1E for <patchwork@mira.cbaines.net>; Sat, 30 Jan 2021 04:22:10 +0000 (GMT) Received: from localhost ([::1]:59656 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>) id 1l5hlx-0002md-SD for patchwork@mira.cbaines.net; Fri, 29 Jan 2021 23:22:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51608) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1l5hlr-0002mH-0x for guix-patches@gnu.org; Fri, 29 Jan 2021 23:22:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:41761) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1l5hlq-0003CT-Pv for guix-patches@gnu.org; Fri, 29 Jan 2021 23:22:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1l5hlq-000691-LA for guix-patches@gnu.org; Fri, 29 Jan 2021 23:22:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#46183] [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE] Resent-From: Ryan Prior <rprior@protonmail.com> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 30 Jan 2021 04:22:02 +0000 Resent-Message-ID: <handler.46183.B.161198046623343@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 46183 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 46183@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161198046623343 (code B ref -1); Sat, 30 Jan 2021 04:22:02 +0000 Received: (at submit) by debbugs.gnu.org; 30 Jan 2021 04:21:06 +0000 Received: from localhost ([127.0.0.1]:53307 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1l5hkv-00064P-U3 for submit@debbugs.gnu.org; Fri, 29 Jan 2021 23:21:06 -0500 Received: from lists.gnu.org ([209.51.188.17]:53804) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <rprior@protonmail.com>) id 1l5hkq-00063J-I1 for submit@debbugs.gnu.org; Fri, 29 Jan 2021 23:21:04 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51486) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <rprior@protonmail.com>) id 1l5hkq-0002jY-BY for guix-patches@gnu.org; Fri, 29 Jan 2021 23:21:00 -0500 Received: from mail-40134.protonmail.ch ([185.70.40.134]:30466) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <rprior@protonmail.com>) id 1l5hkn-0002ab-Dv for guix-patches@gnu.org; Fri, 29 Jan 2021 23:20:59 -0500 Date: Sat, 30 Jan 2021 04:20:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1611980452; bh=9/iHJ2V0lDK3sOdy99EZhsWUOWGoe+E2w1MuDqMWcFY=; h=Date:To:From:Reply-To:Subject:From; b=wW8sSQTas6BCyVONHCCW+RJwpHiswoeBPOqgBjDPM7XZgcI+OuwCAqnLpj6ARDBJK eHTp00MbSMjr8GSDbfDxKP8FlDnJHU3zxvQlbaoe+0GH/49io21b96TDANoU6HylpQ 4qEWRaoHTrHRQshvhM132tOLsBvic8+6ecQgbapo= Message-ID: <20210130042045.16727-1-rprior@protonmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.70.40.134; envelope-from=rprior@protonmail.com; helo=mail-40134.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Reply-to: Ryan Prior <rprior@protonmail.com> X-ACL-Warn: , Ryan Prior via Guix-patches <guix-patches@gnu.org> From: guix-patches--- via <guix-patches@gnu.org> X-getmail-retrieved-from-mailbox: Patches |
Hi Ryan, Am Samstag, den 30.01.2021, 04:20 +0000 schrieb Ryan Prior: > Hi Guix! Please review ASAP. This update fixes an exploitable heap > overflow. > > https://dev.gnupg.org/T5275 > > https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html I have some good news and some bad news. The good news is, that according to your sources this affects only version 1.9.0, so master is currently safe. The bad news is, that libgcrypt has more than 10000 dependants, so an update for it should go to core-updates. Regards, Leo