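--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -9,6 +9,7 @@
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 # Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
+# Copyright © 2016, 2017 Alex Vong <alexvong1995@gmail.com>
 #
 # This file is part of GNU Guix.
 #
@@ -656,7 +657,7 @@ dist_patch_DATA = \
 %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch \
 %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch \
 %D%/packages/patches/laby-make-install.patch \
- %D%/packages/patches/lcms-fix-out-of-bounds-read.patch \
+ %D%/packages/patches/lcms-CVE-2016-10165.patch \
 %D%/packages/patches/ldc-disable-tests.patch \
 %D%/packages/patches/ldc-1.1.0-disable-dmd-tests.patch \
 %D%/packages/patches/ldc-1.1.0-disable-phobos-tests.patch \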
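--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -45,7 +45,7 @@
 (method url-fetch)
 (uri (string-append "mirror://sourceforge/lcms/lcms/" version
 "/lcms2-" version ".tar.gz"))
- (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
+ (patches (search-patches "lcms-CVE-2016-10165.patch"))
 (sha256 (base32
 "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
 (build-system gnu-build-system)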
R gnu/packages/patches/lcms-fix-out-of-bounds-read.patch => gnu/packages/patches/lcms-CVE-2016-10165.patch +3 -1
@@ 1,7 1,9 @@
-Fix an out-of-bounds heap read in Type_MLU_Read():
+Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
http://seclists.org/oss-sec/2016/q3/288
https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+https://security-tracker.debian.org/tracker/CVE-2016-10165
Patch copied from upstream source repository: