bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

From:	Ludovic Courtès
Subject:	bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date:	Wed, 16 Oct 2019 15:25:56 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hello!

In addition to the news entry that ‘guix pull’ will display, we may want
to publicize the issue.  In particular, should we:

  1. Apply for a new CVE?

  2. Post an article on the blog to explain in detail what happened?
     That should probably include an analysis like that at
     <https://www.openwall.com/lists/oss-security/2019/10/09/4>, given
     that Guix does things not entirely like Nix here.

  3. Email that analysis to oss-security?

  4. Push a new release?

I’m tempted to think that we should do 1 to 3, as quickly as we can.
Help welcome, in particular on #2!

As for #4, I think we should push a new release soon anyway, but maybe
not just specifically for this issue since it can be addressed simply by
upgrading.

Thoughts?

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
  - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/14
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Maxim Cournoyer, 2019/10/14
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/15
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/15
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès <=
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Julien Lepiller, 2019/10/16

Prev by Date: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Next by Date: bug#37775: Python 2.7 not configured for Tk
Previous by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Next by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Index(es):
- Date
- Thread