GNU bug report logs - #33730
[PATCH] gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 13 Dec 2018 20:50:01 UTC

Severity: normal

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 33730 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 33730 <at> debbugs.gnu.org
Subject: Re: [bug#33730] [PATCH] gnu: Singularity: Update to 2.6.1 [fixes
 CVE-2018-19295].
Date: Thu, 13 Dec 2018 23:52:09 +0100

Hi Leo,

Leo Famulari <leo <at> famulari.name> skribis:

> Our Singularity package is not vulnerable to CVE-2018-19295 by default,
> becuase that vulnerability is based on the 'mount', 'start', and
> 'action' Singularity binaries being installed setuid, which we do not do
> in Guix.
>
> * gnu/packages/linux.scm (singularity): Update to 2.6.1.

LGTM.  Thanks for the patch and for the analysis!

Ludo’.

This bug report was last modified 6 years and 160 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #33730 [PATCH] gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295].

GNU bug report logs - #33730
[PATCH] gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295].