diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-02-27 08:52:23 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-02-27 08:52:23 -0500 |
| commit | 048ec1a8b092a87de08bfe410be65642522b63ed (patch) | |
| tree | 1279c4fa3fd09805dbfe06be3514879aa38d503e /gnu/packages/curl.scm | |
| parent | fe5f687284889eeff3c1b73edab0aa26e58c3bc5 (diff) | |
| parent | b35461748b20d0172744974b39e7d9d033400c51 (diff) | |
| download | guix-048ec1a8b092a87de08bfe410be65642522b63ed.tar.gz | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/curl.scm')
| -rw-r--r-- | gnu/packages/curl.scm | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 222910b655..46e0fa0f16 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -54,7 +54,16 @@ (inputs `(("gnutls" ,gnutls) ("gss" ,gss) ("libidn" ,libidn) - ("libssh2" ,libssh2) + + ;; XXX libssh2-1.4 is a temporary package for use only by curl, + ;; to allow most users of libssh2 to get the security update for + ;; CVE-2016-7087 while postponing the large number of rebuilds + ;; entailed by updating curl. Soon, curl should be updated to + ;; use the latest libssh2 and libssh2-1.4 should be removed. + + ;; XXX libssh2-1.4 is vulnerable to CVE-2016-0787. + ("libssh2" ,libssh2-1.4) + ("openldap" ,openldap) ("zlib" ,zlib))) (native-inputs |