On Tue, 1 Dec 2020 08:12:40 +0200
belgin <belginsti...@hotmail.com> wrote:

> Hello!
> 
> > The issue with packages/apps/Messaging is that we have 3 CVE if we
> > revert to 0dabdec1f6f6f90b6a0cd45646bdbf5fa79cde74:
> > > $ git log \
> > >   0dabdec1f6f6f90b6a0cd45646bdbf5fa79cde74..replicant-6.0-0004-rc3 | \
> > >   grep -i CVE
> > >     CVE-2017-0780
> > >     CVE-2017-0494
> > >     CVE-2017-0476
> 
> These CVEs can be patched as follows:
> 
> First, cd into packages/apps/Messaging
> 
> For CVE-2017-0780
>       git format-patch -1 20f6e4dc2fdadcf88cb8b48276169da47a913f9f
>       git apply 0001-37742976-Catch-bad-gifs.patch
> 
> For CVE-2017-0494
>       git format-patch -1 78cb8b00ee024cfdf383912695e30d9c2cb64f7d
>       git apply \
>       0001-32764144-Security-Vulnerability-heap-buffer-overflow.patch
> 
> For CVE-2017-0476
>       git format-patch -1 62371f2e4bfe3d54f2b79fe55bbb423642a235d2
>       git apply \
>       0001-33388925-Mismatched-new-vs-delete-in-framesequence-l.patch

Thanks, my mistake, I didn't think that with all these changes on top
they could apply cleanly.

But in fact they did apply cleanly.

I've now pushed the cherry-picked patches, and pushed the
manifest as well.

So normally everything should be merged now.

Though we can still modify things if needed since we force pushed to
the replicant-6.0 branches anyway.

Denis.

_______________________________________________
Replicant mailing list
Replicant@osuosl.org
https://lists.osuosl.org/mailman/listinfo/replicant
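
Added example, not part of the original thread: the `git log ... | grep -i CVE` check quoted above prints the CVE ids but not the commits that carry them. The sh/awk function below (`cve_commits`, a hypothetical name) pairs each id with its commit, so the fixes to re-apply after a revert can be located directly. The log text fed to it is constructed; only the hashes and CVE ids come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): pair each CVE id in `git log`
# output with the commit whose message mentions it.

# Reads default-format `git log` text on stdin and prints one
# "<CVE-ID> <commit-hash>" line per match. Matching is case-insensitive,
# like the `grep -i CVE` in the thread.
cve_commits() {
    awk '
        # Header lines start in column 0; message lines are indented,
        # so a message that begins with "commit" cannot confuse this.
        /^commit [0-9a-f]+/ { commit = $2; next }
        {
            line = toupper($0)
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                print substr(line, RSTART, RLENGTH), commit
                line = substr(line, RSTART + RLENGTH)
            }
        }
    '
}

# Constructed sample: the hashes and CVE ids are the ones named in the
# thread; authors, dates and message text are made up for illustration.
sample_log() {
    cat <<'EOF'
commit 20f6e4dc2fdadcf88cb8b48276169da47a913f9f
Author: Constructed Author <author@example.invalid>
Date:   Thu Jan 1 00:00:00 1970 +0000

    Constructed subject line

    CVE-2017-0780

commit 78cb8b00ee024cfdf383912695e30d9c2cb64f7d
Author: Constructed Author <author@example.invalid>

    Constructed subject, fixes cve-2017-0494

commit 62371f2e4bfe3d54f2b79fe55bbb423642a235d2
Author: Constructed Author <author@example.invalid>

    commit message line that starts with the word commit
    Bug: CVE-2017-0476
EOF
}

# Real use, with the range from the thread:
#   git log 0dabdec1f6f6f90b6a0cd45646bdbf5fa79cde74..replicant-6.0-0004-rc3 | cve_commits
sample_log | cve_commits
```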