Re: [PATCH] gnu: ntfs-3g: Fix CVE-2017-0358.

2017-02-09 Thread Marius Bakke
Kei Kebreau writes: > Marius Bakke writes: > >> Leo Famulari writes: >> >>> On Thu, Feb 09, 2017 at 11:39:42PM +0100, Marius Bakke wrote: Kei Kebreau writes: > Reviewers, how does this patch

Re: [PATCH] gnu: ntfs-3g: Fix CVE-2017-0358.

2017-02-09 Thread Kei Kebreau
Marius Bakke writes: > Leo Famulari writes: > >> On Thu, Feb 09, 2017 at 11:39:42PM +0100, Marius Bakke wrote: >>> Kei Kebreau writes: >>> >>> > Reviewers, how does this patch look to you? >>> >>> AFAIU from CVE-2017-0358,

Re: [PATCH] gnu: ntfs-3g: Fix CVE-2017-0358.

2017-02-09 Thread Marius Bakke
Leo Famulari writes: > On Thu, Feb 09, 2017 at 11:39:42PM +0100, Marius Bakke wrote: >> Kei Kebreau writes: >> >> > Reviewers, how does this patch look to you? >> >> AFAIU from CVE-2017-0358, ntfs-3g is only vulnerable when installed >> setuid root,

Re: [PATCH] gnu: ntfs-3g: Fix CVE-2017-0358.

2017-02-09 Thread Leo Famulari
On Thu, Feb 09, 2017 at 11:39:42PM +0100, Marius Bakke wrote: > Kei Kebreau writes: > > > Reviewers, how does this patch look to you? > > AFAIU from CVE-2017-0358, ntfs-3g is only vulnerable when installed > setuid root, which is not the case on guix. > > FWIW Debian do

Re: [PATCH] gnu: ntfs-3g: Fix CVE-2017-0358.

2017-02-09 Thread Marius Bakke
Kei Kebreau writes: > Reviewers, how does this patch look to you? AFAIU from CVE-2017-0358, ntfs-3g is only vulnerable when installed setuid root, which is not the case on guix. FWIW Debian do not carry this patch, but have fixed the CVE according to the changelog. So I

[PATCH] gnu: ntfs-3g: Fix CVE-2017-0358.

2017-02-09 Thread Kei Kebreau
Reviewers, how does this patch look to you? From 2de5fc0267f94bf933f1e52dc8ef348bd3f78059 Mon Sep 17 00:00:00 2001 From: Kei Kebreau <k...@openmailbox.org> Date: Thu, 9 Feb 2017 16:31:25 -0500 Subject: [PATCH] gnu: ntfs-3g: Fix CVE-2017-0358. * gnu/packages/linux.scm (ntfs-3g)[source]: Add