From 4fc61dac3ce201c72b312a6cfed5b3d4b96850f7 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 28 Nov 2017 17:51:05 +0100 Subject: [PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612]. * gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable. (libxcursor)[replacement]: New field. --- gnu/packages/xorg.scm | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 994476ed63..1c1ddd4bf1 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5307,6 +5307,7 @@ draggable titlebars and borders.") (package (name "libxcursor") (version "1.1.14") + (replacement libxcursor-1.1.15) (source (origin (method url-fetch) @@ -5339,6 +5340,18 @@ draggable titlebars and borders.") (description "Xorg Cursor management library.") (license license:x11))) +;; For CVE-2017-16612. +(define-public libxcursor-1.1.15 + (package + (inherit libxcursor) + (version "1.1.15") + (source (origin + (method url-fetch) + (uri (string-append "mirror://xorg/individual/lib/libXcursor-" + version ".tar.bz2")) + (sha256 + (base32 + "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9")))))) (define-public libxt (package