GNU bug report logs - #57546
[PATCH core-updates] gnu: xz: Update to 5.2.6 [security fix].

Previous Next

Package: guix-patches;

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Fri, 2 Sep 2022 17:24:01 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <marius <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 57546 in the body.
You can then email your comments to 57546 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#57546; Package guix-patches. (Fri, 02 Sep 2022 17:24:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Greg Hogan <code <at> greghogan.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Fri, 02 Sep 2022 17:24:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Greg Hogan <code <at> greghogan.com>
To: guix-patches <at> gnu.org
Cc: Greg Hogan <code <at> greghogan.com>
Subject: [PATCH core-updates] gnu: xz: Update to 5.2.6 [security fix].
Date: Fri,  2 Sep 2022 17:22:57 +0000

Includes fix for CVE-2022-1271.

* gnu/packages/compression.scm (xz): Update to 5.2.6.
---
 gnu/packages/compression.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 9e0a132cfc..501db8f38b 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -484,7 +484,7 @@ (define-public pbzip2
 (define-public xz
   (package
    (name "xz")
-   (version "5.2.5")
+   (version "5.2.6")
    (source (origin
             (method url-fetch)
             (uri (list (string-append "http://tukaani.org/xz/xz-" version
@@ -493,7 +493,7 @@ (define-public xz
                                       version ".tar.gz")))
             (sha256
              (base32
-              "045s9agl3bpv3swlwydhgsqh7791957vmgw2plw8f1rks07r3x7n"))))
+              "185kj56a996d04d943xisvpifvnsbr7iplyf2nyjxkbvw6z5l452"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
-- 
2.37.2
Reply sent to Marius Bakke <marius <at> gnu.org>:
You have taken responsibility. (Thu, 08 Sep 2022 19:53:02 GMT) Full text and rfc822 format available.
Notification sent to Greg Hogan <code <at> greghogan.com>:
bug acknowledged by developer. (Thu, 08 Sep 2022 19:53:02 GMT) Full text and rfc822 format available.

Message #10 received at 57546-done <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <marius <at> gnu.org>
To: Greg Hogan <code <at> greghogan.com>, 57546-done <at> debbugs.gnu.org
Cc: Greg Hogan <code <at> greghogan.com>
Subject: Re: [bug#57546] [PATCH core-updates] gnu: xz: Update to 5.2.6
 [security fix].
Date: Thu, 08 Sep 2022 21:51:56 +0200

[Message part 1 (text/plain, inline)]
Greg Hogan <code <at> greghogan.com> skriver:

> Includes fix for CVE-2022-1271.
>
> * gnu/packages/compression.scm (xz): Update to 5.2.6.

Pushed in d4485c5af7b6f0412b5d536eff62d0c666a5dbe6, thanks!

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 07 Oct 2022 11:24:09 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 194 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.