This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Remove add-ons mechanism

From: "Andreas K. Huettel" <dilfridge at gentoo dot org>
To: libc-alpha at sourceware dot org
Cc: Joseph Myers <joseph at codesourcery dot com>, Florian Weimer <fweimer at redhat dot com>
Date: Thu, 05 Oct 2017 23:11:34 +0200
Subject: Re: Remove add-ons mechanism
Authentication-results: sourceware.org; auth=none
References: <alpine.DEB.2.20.1709281748010.30081@digraph.polyomino.org.uk> <d079cb89-4f6d-31a1-623e-277383d8fe3a@redhat.com> <alpine.DEB.2.20.1710051253180.18935@digraph.polyomino.org.uk>

Am Donnerstag, 5. Oktober 2017, 14:54:47 CEST schrieb Joseph Myers:
> On Thu, 5 Oct 2017, Florian Weimer wrote:
> > Their packaging is completely different from the libidn upstream releases.
> 
> And updating from the libidn upstream releases would be problematic given
> that it's a non-FSF-assigned project that has changed license.

So what strategy is best to short-term fix bugs that have already been 
addressed by libidn upstream?

A quick search finds (but I haven't checked all these in detail yet, nor do I 
claim the list is complete):
CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6262, CVE-2016-6263

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

Attachment: signature.asc
Description: This is a digitally signed message part.

Follow-Ups:
- Re: Remove add-ons mechanism
  - From: Joseph Myers

References:
- Re: Remove add-ons mechanism
  - From: Florian Weimer
- Re: Remove add-ons mechanism
  - From: Joseph Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]