GNU bug report logs

#28058 [PATCH] gnu: catdoc: Fix CVE-2017-11110.

Message #5 received at submit@debbugs.gnu.org:

From: Alex Vong <alexvong1995@gmail.com>
To: guix-patches@gnu.org, guix-devel@gnu.org
Subject: [PATCH] gnu: catdoc: Fix CVE-2017-11110.
Date: Sat, 12 Aug 2017 05:51:45 +0800
Message-ID: <87zib5pyby.fsf@gmail.com>
[Message part 1 (text/plain, inline)]
Severity: important
Tags: patch security

Hello,

This patch fixes the latest CVE of catdoc. The upstream repo[0] has not been
updated for more than a year, so I grabbed the patch from openSUSE instead
(which is also used by Debian).

[0001-gnu-catdoc-Fix-CVE-2017-11110.patch (text/x-diff, inline)]
From 69b2b0ca3b43409e86bd5d01fe72823ef84ee391 Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Thu, 10 Aug 2017 21:02:14 +0800
Subject: [PATCH] gnu: catdoc: Fix CVE-2017-11110.

* gnu/packages/patches/catdoc-CVE-2017-11110.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/textutils.scm (catdoc)[source]: Use it.
---
 gnu/local.mk                                     |  1 +
 gnu/packages/patches/catdoc-CVE-2017-11110.patch | 45 ++++++++++++++++++++++++
 gnu/packages/textutils.scm                       |  2 ++
 3 files changed, 48 insertions(+)
 create mode 100644 gnu/packages/patches/catdoc-CVE-2017-11110.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 3d79d5d22..57c346921 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -534,6 +534,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/calibre-drop-unrar.patch			\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
   %D%/packages/patches/calibre-use-packaged-feedparser.patch	\
+  %D%/packages/patches/catdoc-CVE-2017-11110.patch		\
   %D%/packages/patches/cdparanoia-fpic.patch			\
   %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch 	\
   %D%/packages/patches/ceph-disable-cpu-optimizations.patch	\
diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
new file mode 100644
index 000000000..71c44f60f
--- /dev/null
+++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11110:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
+https://bugzilla.redhat.com/show_bug.cgi?id=1468471
+https://security-tracker.debian.org/tracker/CVE-2017-11110
+
+Patch copied from openSUSE:
+
+https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1
+
+From: Andreas Stieger <astieger@suse.com>
+Date: Mon, 10 Jul 2017 15:37:58 +0000
+References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877
+
+All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4.
+
+---
+ src/ole.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: catdoc-0.95/src/ole.c
+===================================================================
+--- catdoc-0.95.orig/src/ole.c	2016-05-25 06:37:12.000000000 +0200
++++ catdoc-0.95/src/ole.c	2017-07-10 17:42:33.578308107 +0200
+@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		return NULL;
+ 	}
+  	sectorSize = 1<<getshort(oleBuf,0x1e);
++	/* CVE-2017-11110) */
++ 	if (sectorSize < 4) {
++		fprintf(stderr,"sectorSize < 4 not supported\n");
++		return NULL;
++	}
+ 	shortSectorSize=1<<getshort(oleBuf,0x20);
+ 
+ /* Read BBD into memory */
+@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		}
+ 
+ 		fseek(newfile, 512+mblock*sectorSize, SEEK_SET);
+-		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i,
++		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >= 4 for CVE-2017-11110 */
+ 						 1, sectorSize, newfile) != sectorSize) {
+ 			fprintf(stderr, "Error read MSAT!\n");
+ 			ole_finish();
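Review bot: in the `ole_init` hunk of the embedded `src/ole.c` patch, the new guard rejects only `sectorSize < 4`, so the shift exponent read from the header at offset 0x1e still has no upper bound. A large exponent makes `1<<getshort(oleBuf,0x1e)` overflow or become undefined, and the resulting `sectorSize` is then used in `fseek(newfile, 512+mblock*sectorSize, SEEK_SET)` and as the `fread` length into `tmpBuf`. Suggest validating the exponent itself before the shift (rejecting anything outside a small sane range) instead of testing only the shifted result, and applying the same check to `shortSectorSize=1<<getshort(oleBuf,0x20);` on the following line, which the patch leaves unguarded. Minor: the comment `/* CVE-2017-11110) */` has a stray closing parenthesis, and the `if (sectorSize < 4) {` line mixes a leading space with the tab. Since the patch is copied from openSUSE, these points are best raised with the patch's origin so the copies stay in sync.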
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index e8ae30cd6..537d01334 100644
--- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -409,6 +410,7 @@ runs Word\".")
               (method url-fetch)
               (uri (string-append "http://ftp.wagner.pp.ru/pub/catdoc/"
                                   "catdoc-" version ".tar.gz"))
+              (patches (search-patches "catdoc-CVE-2017-11110.patch"))
               (sha256
                (base32
                 "15h7v3bmwfk4z8r78xs5ih6vd0pskn0rj90xghvbzdjj0cc88jji"))))
-- 
2.14.0

[Message part 3 (text/plain, inline)]
(I am re-sending this mail for the 3rd time since I didn't receive a
reply from debbugs. This time I decided to mail to guix-devel as well
just in case it doesn't work again.)

Cheers,
Alex

[0]: http://www.wagner.pp.ru/gitweb/?p=oss/catdoc.git;a=summary
debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Thu Jan 2 15:12:48 2025; Machine Name: wallace-server