On 2024-03-16, Vagrant Cascadian wrote:
> For anyone with Guix or Nix installed, if I understand correctly, it
> basically allows arbitrarily replacing the source code for anything that
> you might build using Guix or Nix.
Yes, for multi-user systems and people running untrusted code in “guix
Control: severity 1066113 serious
On 2024-03-16, Vagrant Cascadian wrote:
> On 2024-03-15, Salvatore Bonaccorso wrote:
>> On Fri, Mar 15, 2024 at 11:22:52AM -0700, Vagrant Cascadian wrote:
>>> On 2024-03-13, Vagrant Cascadian wrote:
>>> > On 2024-03-12, Vagrant Cascadian wrote:
>>> >> On
On 2024-03-15, Salvatore Bonaccorso wrote:
> On Fri, Mar 15, 2024 at 11:22:52AM -0700, Vagrant Cascadian wrote:
>> On 2024-03-13, Vagrant Cascadian wrote:
>> > On 2024-03-12, Vagrant Cascadian wrote:
>> >> On 2024-03-12, Salvatore Bonaccorso wrote:
>> > I have now tested an updated 1.4.x package
Hi,
On Fri, Mar 15, 2024 at 11:22:52AM -0700, Vagrant Cascadian wrote:
> On 2024-03-13, Vagrant Cascadian wrote:
> > On 2024-03-12, Vagrant Cascadian wrote:
> >> On 2024-03-12, Salvatore Bonaccorso wrote:
> > I have now tested an updated 1.4.x package on bookworm and a 1.2.x
> > package on
On 2024-03-13, Vagrant Cascadian wrote:
> On 2024-03-12, Vagrant Cascadian wrote:
>> On 2024-03-12, Salvatore Bonaccorso wrote:
> I have now tested an updated 1.4.x package on bookworm and a 1.2.x
> package on bullseye, and the reproducer (with a small change for 1.2.x)
> was able to reproduce the
On 2024-03-12, Vagrant Cascadian wrote:
> On 2024-03-12, Salvatore Bonaccorso wrote:
>> The following vulnerability was published for guix.
>>
>> CVE-2024-27297[0]:
>> | Nix is a package manager for Linux and other Unix systems. A fixed-
>> | output derivations on Linux can send file descriptors
Control: clone -1 -2
Control: reassign -2 src:nix 2.18.1+dfsg-1
Control: retitle -2 nix: CVE-2024-27297
Hi,
On Tue, Mar 12, 2024 at 04:01:26PM -0700, Vagrant Cascadian wrote:
> Control: found 1066113 1.4.0-3
> Control: tags 1066113 pending
>
> On 2024-03-12, Salvatore Bonaccorso wrote:
> > The
Control: found 1066113 1.4.0-3
Control: tags 1066113 pending
On 2024-03-12, Salvatore Bonaccorso wrote:
> The following vulnerability was published for guix.
>
> CVE-2024-27297[0]:
> | Nix is a package manager for Linux and other Unix systems. A fixed-
> | output derivations on Linux can send
Source: guix
Version: 1.4.0-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1.2.0-4+deb11u1
Hi,
Vagrant, knowing that you are awaere already, but filling for having a
Debian bug tracking reference.
The following
9 matches
Mail list logo