[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
From: |
Tobias Geerinckx-Rice |
Subject: |
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) |
Date: |
Thu, 17 Oct 2019 21:01:39 +0200 |
Ludo',
Ludovic Courtès 写道:
See https://issues.guix.gnu.org/issue/37744
Will this be automatically linkified?
This issue was initially [reported by Michael Orlitzky for
Nix](https://www.openwall.com/lists/oss-security/2019/10/09/4)
([CVE-2019-17365](https://nvd.nist.gov/vuln/detail?vulnId=CVE-2019-17365)).
# Fix
The [fix](https://issues.guix.gnu.org/issue/37744) consists in
letting
From the Oxford Dictionaries:
1 (consist of) be composed or made up of
(consist in) have as an essential feature
TIL.
# Upgrading
On multi-user systems, we recommend upgrading the daemon now.
To upgrade the daemon on a “foreign distro”, run something along
these
Imperialist nitpick: why list the foreigners first? :-)
Anti-imperialist nitpick: reversing the two allows using ‘other
distributions’ instead of ‘foreign’ which always sounds a bit
dismissive to my ears.
End nitpick.
Thank you for taking care of this from start to finish,
T G-R
signature.asc
Description: PGP signature
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), (continued)
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix),
Tobias Geerinckx-Rice <=
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Bengt Richter, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/18
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Bengt Richter, 2019/10/18
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Julien Lepiller, 2019/10/16