[bug#73919] Daemon vulnerability allowing takeover of build users

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#73919] Daemon vulnerability allowing takeover of build users

From:	Ludovic Courtès
Subject:	[bug#73919] Daemon vulnerability allowing takeover of build users
Date:	Mon, 21 Oct 2024 01:28:15 +0200
User-agent:	Gnus/5.13 (Gnus v5.13)

The two patches by Reepca have been pushed, followed by an update of the
‘guix’ package, followed by a news entry:

  c9e51ab38d * news: Add news entry for build user takeover vulnerability fix.
  5966e0fdc7 * gnu: guix: Update to 5ab3c4c.
  5ab3c4c1e4 * daemon: Sanitize successful build outputs prior to exposing them.
  558224140d * daemon: Sanitize failed build outputs prior to exposing them.

Now’s the time to upgrade your system!

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#73919] Daemon vulnerability allowing takeover of build users, Ludovic Courtès, 2024/10/20
- [bug#73919] Daemon vulnerability allowing takeover of build users, Ludovic Courtès <=
- [bug#73919] News entry, Reepca Russelstein, 2024/10/21
- [bug#73919] [PATCH guix-artwork] add security advisory post about recent vulnerability, Reepca Russelstein, 2024/10/21
  - [bug#73919] Daemon vulnerability allowing takeover of build users, Ludovic Courtès, 2024/10/21
    - [bug#73919] Daemon vulnerability allowing takeover of build users, Reepca Russelstein, 2024/10/23

Prev by Date: [bug#73196] [PATCH] services: postgresql-role: Add support for password files.
Next by Date: [bug#73921] [PATCH] svn-download: Add support for partial checkout.
Previous by thread: [bug#73919] Daemon vulnerability allowing takeover of build users
Next by thread: [bug#73919] News entry
Index(es):
- Date
- Thread