GNU bug report logs - #69777
Please add a test for CVE-2024-27297


Package: guix

Reported by: Vagrant Cascadian <vagrant <at> debian.org>

Date: Wed, 13 Mar 2024 15:31:02 UTC

Severity: normal



Message #5 received at submit <at> debbugs.gnu.org:

From: Vagrant Cascadian <vagrant <at> debian.org>
To: bug-guix <at> gnu.org
Subject: Please add a test for CVE-2024-27297
Date: Wed, 13 Mar 2024 08:29:36 -0700
It would be really nice, especially for downstream distributors, if
there was a test for CVE-2024-27297.

There is working code to test this in the excellent blog post on the
subject, which is a likely good starting point!

  https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/

Super extra bonus points if the test is backwards compatible with guix
1.4 and 1.2 :)

live well,
  vagrant

This bug report was last modified 1 year and 92 days ago.


