*** Feksclaus has quit IRC | 00:37 | |
*** _mavric has quit IRC | 02:52 | |
*** __mavric has joined #crux-devel | 02:53 | |
*** nrxtx has quit IRC | 05:46 | |
Romster | jue, libpcre has 2 CVE's CVE-2015-3210 and CVE-2015-5073 | 07:06 |
---|---|---|
Romster | https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libpcre/files/libpcre-8.37-CVE-2015-3210.patch?revision=1.1 | 07:06 |
Romster | https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libpcre/files/libpcre-8.37-CVE-2015-5073.patch | 07:06 |
Romster | or frinnst or teK__ who ever has access to core | 07:06 |
Romster | frinnst, you probably want to edit thunderbird and remove/add this to match up with firefox | 07:28 |
Romster | -ac_add_options --enable-tree-freetype | 07:28 |
Romster | +ac_add_options --enable-pic | 07:29 |
Romster | i also sorted the items | 07:30 |
Romster | https://gist.github.com/therealromster/31f068feec5b18448c96 | 07:30 |
Romster | or maybe that tree-freetype needs to be changed in thunderbird 39? | 07:33 |
Romster | my system is a little behind on updates like freetype. | 07:33 |
jue | good morning | 07:34 |
Romster | morning jue | 07:35 |
Romster | frinnst, yeah scratch removing --enable-tree-freetype until thunderbird 39.x | 07:35 |
jue | Romster: guess our patch libpcre/01-seven-... covers all security issues, or are the two patches you find additional stuff? | 07:38 |
Romster | oh i didn't see that... | 07:39 |
Romster | and i'm not sure | 07:39 |
Romster | let me guess that was taken off master svn at the time | 07:41 |
Romster | then i guess it is covered if that diff was made recent enough. | 07:43 |
Romster | https://bugs.exim.org/show_bug.cgi?id=1636 Reported: 2015-05-29 08:45 | 07:44 |
Romster | https://bugs.exim.org/show_bug.cgi?id=1651 Reported: 2015-06-23 06:29 | 07:45 |
Romster | 2015-06-07 Fredrik Rinnestam[notify] libpcre: Fixes several security vulnerabilities | 07:46 |
Romster | so i'll say it's probably not covered going by those dates. | 07:46 |
Romster | and if there is 7 serurity issues there were are the CVEs assigned to them? | 07:47 |
Romster | s/were/where | 07:47 |
Romster | unless they got fixed before being reported. | 07:48 |
Romster | http://www.linuxfromscratch.org/blfs/view/svn/general/pcre.html doens't even offer any patch | 07:49 |
Romster | looks like frinnst got the patch from here https://projects.archlinux.org/svntogit/packages.git/log/trunk/01-seven-security-patches.patch?h=packages/pcre&showmsg=1 | 07:56 |
Romster | https://bugs.archlinux.org/task/45207 | 07:56 |
Romster | git-svn-id: file:///srv/repos/svn-packages/svn@240351 eb2447ed-0c53-47e4-bac8-5bc4a241df78 | 07:56 |
Romster | seems CVE-2015-3210 is covered but no mention of CVE-2015-5073 | 07:58 |
Romster | so i should use that 01-seven-security-patches.patch place in place of CVE-2015-3210 | 08:00 |
jue | I'd say so, will apply the other patch later | 08:03 |
Romster | i'll wait on your advice beofre i do that if it's ok to use 01-seven-security-patches.patch and libpcre-8.37-CVE-2015-5073.patch ? | 08:03 |
Romster | before* | 08:04 |
jue | ok | 08:04 |
Romster | i'd like to keep in line with core/libpcre | 08:05 |
jue | so, i'm back now | 08:49 |
Romster | ta jue id did the same change too. | 08:56 |
Romster | for libpcre-32 | 08:56 |
jue | very good :) | 09:00 |
Romster | i was looking at other stuff and i just happened to stumble upon that. | 09:16 |
*** jue has joined #crux-devel | 09:45 | |
*** Romster has quit IRC | 12:37 | |
*** Romster has joined #crux-devel | 12:38 | |
*** Feksclaus has joined #crux-devel | 12:54 | |
*** Feksclaus has quit IRC | 13:21 | |
frinnst | there were a bunch of security issues with pcre reported a while back. no fixes were available at that time | 15:16 |
*** Romster has quit IRC | 16:28 | |
*** Romster has joined #crux-devel | 16:28 | |
*** Romster has quit IRC | 18:46 | |
*** Romster has joined #crux-devel | 18:47 | |
*** crash_ has quit IRC | 19:44 | |
*** frinnst has quit IRC | 19:59 | |
*** frinnst has joined #crux-devel | 20:00 | |
*** crash_ has joined #crux-devel | 21:32 | |
*** nrxtx has joined #crux-devel | 21:36 | |
*** nrxtx has quit IRC | 21:36 | |
*** nrxtx has joined #crux-devel | 21:36 | |
*** crash_ has quit IRC | 21:43 | |
*** crash_ has joined #crux-devel | 22:01 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!