Branch: refs/heads/release-16.09 Home: https://github.com/NixOS/nixpkgs Commit: 723a5632e1244de13f9f31936346e6057f5435fc https://github.com/NixOS/nixpkgs/commit/723a5632e1244de13f9f31936346e6057f5435fc Author: Graham Christensen <gra...@grahamc.com> Date: 2017-02-08 (Wed, 08 Feb 2017)
Changed paths: M pkgs/tools/filesystems/ntfs-3g/default.nix Log Message: ----------- ntfs3g: patch for CVE-2017-0358 >From the Debian advisory: Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. (cherry picked from commit 19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa)
_______________________________________________ nix-commits mailing list nix-comm...@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-commits