GNU bug report logs - #37744
Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Mon, 14 Oct 2019 07:48:02 UTC

Severity: important

Tags: security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: "pelzflorian \(Florian Pelz\)" <pelzflorian <at> pelzflorian.de>
Cc: 37744 <at> debbugs.gnu.org
Subject: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date: Wed, 16 Oct 2019 23:39:37 +0200

Hi Florian,

"pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:

>>From 14d4d176bae1e67c627a169c881720f3f9fb3904 Mon Sep 17 00:00:00 2001
> From: Florian Pelz <pelzflorian <at> pelzflorian.de>
> Date: Wed, 16 Oct 2019 16:37:27 +0200
> Subject: [PATCH] nls: Update 'de' translation of news entries.
>
> * etc/news.scm: Add new 'de' translation.

I committed this with minor changes (removed “sudo”, etc.), but the
translation corresponds to the first version of the entry.  Please feel
free to commit changes directly to update it!

Thanks,
Ludo’.

This bug report was last modified 5 years and 300 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #37744 Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)

GNU bug report logs - #37744
Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)