summary refs log tree commit diff
path: root/gnu/packages/compression.scm
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-04-15 17:48:37 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-04-16 18:02:14 +0200
commitd0ee11b2f000c3c027fd8370bc2195266398444f (patch)
treed978992c603555f48ee6540ca5dd4a58ac3105d9 /gnu/packages/compression.scm
parent452454e30cfde183bb3b8954b844a9d6c9f81bcc (diff)
downloadguix-d0ee11b2f000c3c027fd8370bc2195266398444f.tar.gz
gnu: sharutils: Fix CVE-2018-1000097.
* gnu/packages/patches/sharutils-CVE-2018-1000097.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/compression.scm (sharutils)[source](patches): Use it.
Diffstat (limited to 'gnu/packages/compression.scm')
-rw-r--r--gnu/packages/compression.scm1
1 files changed, 1 insertions, 0 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index f312e47177..562a2bf8b7 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -533,6 +533,7 @@ decompressors when faced with corrupted input.")
       (method url-fetch)
       (uri (string-append "mirror://gnu/sharutils/sharutils-"
                           version ".tar.xz"))
+      (patches (search-patches "sharutils-CVE-2018-1000097.patch"))
       (sha256
        (base32
         "16isapn8f39lnffc3dp4dan05b7x6mnc76v6q5nn8ysxvvvwy19b"))))