On Wed, Aug 17, 2016 at 12:44:29AM -0400, Leo Famulari wrote:
> On Tue, Aug 16, 2016 at 11:29:11PM -0500, Eric Bavier wrote:
> > On Tue, 16 Aug 2016 22:49:55 -0400
> > Leo Famulari <l...@famulari.name> wrote:
> >
> > > * gnu/packages/patches/cracklib-CVE-2016-6318.patch: New file.
> > > * gnu/local.mk (dist_patch_DATA): Add it.
> > > * gnu/packages/password-utils.scm (cracklib)[source]: Use the patch.
> > > ---
> > >  gnu/local.mk                                      |  1 +
> > >  gnu/packages/password-utils.scm                   |  2 +
> > >  gnu/packages/patches/cracklib-CVE-2016-6318.patch | 95
> > > +++++++++++++++++++++++
> > >  3 files changed, 98 insertions(+)
> > >  create mode 100644 gnu/packages/patches/cracklib-CVE-2016-6318.patch
> >
> > LGTM! Thanks for getting the patch so quick.
>
> Thanks for the fast review! Pushed as 53dcbbec07c

It seems this story is not over. SuSE identified another buffer overflow:

http://seclists.org/oss-sec/2016/q3/370

What do people think of the patch linked from that message?