Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):
Received: (at submit) by debbugs.gnu.org; 14 Oct 2019 07:47:47 +0000 From debbugs-submit-bounces@debbugs.gnu.org Mon Oct 14 03:47:47 2019 Received: from localhost ([127.0.0.1]:38004 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1iJv51-000107-8J for submit@debbugs.gnu.org; Mon, 14 Oct 2019 03:47:47 -0400 Received: from lists.gnu.org ([209.51.188.17]:55225) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@gnu.org>) id 1iJv4z-0000z4-JT for submit@debbugs.gnu.org; Mon, 14 Oct 2019 03:47:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48403) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@gnu.org>) id 1iJv4y-0008BU-9M for bug-guix@gnu.org; Mon, 14 Oct 2019 03:47:45 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:470:142:3::e]:48240) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>) id 1iJv4y-0007Yu-5L for bug-guix@gnu.org; Mon, 14 Oct 2019 03:47:44 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=36064 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <ludo@gnu.org>) id 1iJv4s-0008El-Qq for bug-guix@gnu.org; Mon, 14 Oct 2019 03:47:43 -0400 From: Ludovic Courtès <ludo@gnu.org> To: bug-guix@gnu.org Subject: Per-user profile directory hijack (CVE-2019-17365 for Nix) X-Debbugs-Cc: guix-security@gnu.org, GNU Guix maintainers <guix-maintainers@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 23 Vendémiaire an 228 de la Révolution X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 14 Oct 2019 09:47:35 +0200 Message-ID: <87o8yjsr8o.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit@debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> X-Spam-Score: -3.3 (---)
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.