mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2026-05-25 02:21:49 +02:00
gnu: heimdal: Apply patch to fix CVE-2022-45142.
Several recent Heimdal releases are affected by the serious vulnerability CVE-2022-45142, which NIST scored as "7.5 HIGH". [1] At the time of writing, the upstream developers had not yet cut any releases post-7.8.0, which is why the patch is being applied here. The patch was extracted from Helmut Grohne's public vulnerability disclosure. [2] [1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142 [2] https://www.openwall.com/lists/oss-security/2023/02/08/1 * gnu/packages/patches/heimdal-CVE-2022-45142.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/kerberos.scm (heimdal)[source]: Apply it. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This commit is contained in:
Felix Lechner
committed by
Maxim Cournoyer
Maxim Cournoyer
parent
789554cb76
commit
691f17a8cc
@@ -1328,6 +1328,7 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/hdf-eos5-remove-gctp.patch \
|
||||
%D%/packages/patches/hdf-eos5-fix-szip.patch \
|
||||
%D%/packages/patches/hdf-eos5-fortrantests.patch \
|
||||
%D%/packages/patches/heimdal-CVE-2022-45142.patch \
|
||||
%D%/packages/patches/helm-fix-gcc-9-build.patch \
|
||||
%D%/packages/patches/http-parser-CVE-2020-8287.patch \
|
||||
%D%/packages/patches/htslib-for-stringtie.patch \
|
||||
|
||||
Reference in New Issue
Block a user