bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

From:	Tobias Geerinckx-Rice
Subject:	bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date:	Thu, 17 Oct 2019 21:01:39 +0200

Ludo',

Ludovic Courtès 写道：

See https://issues.guix.gnu.org/issue/37744


Will this be automatically linkified?

This issue was initially [reported by Michael Orlitzky for
Nix](https://www.openwall.com/lists/oss-security/2019/10/09/4)
([CVE-2019-17365](https://nvd.nist.gov/vuln/detail?vulnId=CVE-2019-17365)).

# Fix

The [fix](https://issues.guix.gnu.org/issue/37744) consists inletting


From the Oxford Dictionaries:
   1 (consist of) be composed or made up of
     (consist in) have as an essential feature

TIL.

# Upgrading

On multi-user systems, we recommend upgrading the daemon now.
To upgrade the daemon on a “foreign distro”, run something alongthese


Imperialist nitpick: why list the foreigners first?  :-)

Anti-imperialist nitpick: reversing the two allows using ‘otherdistributions’ instead of ‘foreign’ which always sounds a bitdismissive to my ears.


End nitpick.

Thank you for taking care of this from start to finish,

T G-R

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), (continued)

Prev by Date: bug#37789: guix pull: error: You found a bug: the program
Next by Date: bug#37799: dbus-system failed
Previous by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Next by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Index(es):
- Date
- Thread