bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

From:	Ludovic Courtès
Subject:	bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date:	Thu, 17 Oct 2019 22:25:58 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hallo!

Tobias Geerinckx-Rice <address@hidden> skribis:

> Ludovic Courtès 写道：
>> See https://issues.guix.gnu.org/issue/37744
>
> Will this be automatically linkified?

Yes, I think so.

>> # Upgrading
>>
>> On multi-user systems, we recommend upgrading the daemon now.
>>
>> To upgrade the daemon on a “foreign distro”, run something along
>> these
>
> Imperialist nitpick: why list the foreigners first?  :-)
>
> Anti-imperialist nitpick: reversing the two allows using ‘other
> distributions’ instead of ‘foreign’ which always sounds a bit
> dismissive to my ears.
>
> End nitpick.

That makes sense to me; I’m not satisfied with “foreign” either (I think
the inspiration came from FFIs, but still).  Maybe “fellow distros”?
:-)

I’ve received the CVE ID (CVE-2019-18192) just now so I’ve added it to
the article and pushed it.

It should show up on line shortly.

Thank you for your feedback!

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), (continued)

Prev by Date: bug#37799: dbus-system
Next by Date: bug#37492: GUIXSD 1.0.1 install error
Previous by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Next by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Index(es):
- Date
- Thread