[bug#73919] Daemon vulnerability allowing takeover of build users

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#73919] Daemon vulnerability allowing takeover of build users

From:	Reepca Russelstein
Subject:	[bug#73919] Daemon vulnerability allowing takeover of build users
Date:	Wed, 23 Oct 2024 13:20:45 -0500
User-agent:	Gnus/5.13 (Gnus v5.13)

Ludovic Courtès <ludo@gnu.org> writes:

>> From 22adb50845bf4af7b1d6fd78e2515c3387356ce1 Mon Sep 17 00:00:00 2001
>> From: Reepca Russelstein <reepca@russelstein.xyz>
>> Date: Mon, 21 Oct 2024 00:04:32 -0500
>> Subject: [PATCH] website: Add 2024-10-21 security advisory post
>>
>> * website/posts/2024-10-21-security-advisory.md: new file.
>
> I pushed this patch a few hours ago and followed up with minor edits:
>
>   https://guix.gnu.org/blog/2024/build-user-takeover-vulnerability/
>

Thanks, the changes look good, except for one part:

> Your are strongly advised

- reepca

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#73919] Daemon vulnerability allowing takeover of build users, Ludovic Courtès, 2024/10/20
- [bug#73919] Daemon vulnerability allowing takeover of build users, Ludovic Courtès, 2024/10/20
- [bug#73919] News entry, Reepca Russelstein, 2024/10/21
- [bug#73919] [PATCH guix-artwork] add security advisory post about recent vulnerability, Reepca Russelstein, 2024/10/21
  - [bug#73919] Daemon vulnerability allowing takeover of build users, Ludovic Courtès, 2024/10/21
    - [bug#73919] Daemon vulnerability allowing takeover of build users, Reepca Russelstein <=

Prev by Date: [bug#73974] [PATCH] gnu: libusb-compat: Fix upstream hash mismatch.
Next by Date: [bug#73974] [PATCH] gnu: libusb-compat: Fix upstream hash mismatch.
Previous by thread: [bug#73919] Daemon vulnerability allowing takeover of build users
Next by thread: [bug#73920] [PATCH] gnu: swig-next; Update to 4.3.0.
Index(es):
- Date
- Thread