GNU bug report logs - #70022
[PATCH 0/2] Binary Installation: Add more distros.


Package: guix-patches;

Reported by: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>

Date: Tue, 26 Mar 2024 23:47:02 UTC

Severity: normal

Tags: patch

Done: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Bug is archived. No further changes may be made.


From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
Cc: 70022 <at> debbugs.gnu.org
Subject: [bug#70022] [PATCH 0/2] Binary Installation: Add more distros
Date: Fri, 05 Apr 2024 17:23:25 +0200

Hello Denis,

Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org> writes:
> Hi,
>
> About the local privilege escalation, are there any hints on how to fix
> it besides updating guix with 'guix pull'?

Thinking more about it, I guess the Binary Installation documentation
should inform that one can install from distribution packages or from
guix-install.sh, depending on who should be responsible for security
updates.

> For instance, were there distributions that somehow backported the
> patch, in order not to have a security issue when you do 'apt install
> guix' or 'pacman -S guix' for instance?
>
> I'm asking because while I'm not the AUR maintainer of the 'guix'
> package, I know PKGBUILDs well enough to be able to send a patch if I
> find the time (and also update the Parabola package along the way).

Thank you for your offer.  Following hyperlinks from
<https://security-tracker.debian.org/tracker/CVE-2024-27297>, I find on
<https://udd.debian.org/patches.cgi?src=guix&version=1.4.0-6> security
patches that Vagrant cherry-picked from the Guix commits that address
the vulnerability.  Similar to how Guix often takes patches from Debian,
you could take the patches from Guix too or indirectly from Debian.

Regards,
Florian




This bug report was last modified 1 year and 37 days ago.
