| Package | Source(s) | Maintainer(s) | |
|---|---|---|---|
| guix-patches | PTS Buildd Popcon |
Message #13 received at 69728@debbugs.gnu.org (full text, mbox, reply):
Received: (at 69728) by debbugs.gnu.org; 12 Mar 2024 00:44:12 +0000 From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 11 20:44:12 2024 Received: from localhost ([127.0.0.1]:41485 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1rjqFX-0006B6-UN for submit@debbugs.gnu.org; Mon, 11 Mar 2024 20:44:12 -0400 Received: from mail-4316.protonmail.ch ([185.70.43.16]:45671) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <john.kehayias@protonmail.com>) id 1rjqFP-0006AH-Vc for 69728@debbugs.gnu.org; Mon, 11 Mar 2024 20:44:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1710204203; x=1710463403; bh=0LgM+/lGmkb18KDfs5kLtXccSJIPaTAfxqy1XlXvdCk=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=m5d3o4vzeFz1wkUQ1za8Cq7O0j9s0k5U8+20bJSTcEGi92dyKJ3mAcpEwedHeFBK2 zQzKfmAGAZvZMrQGu3k3hO7UXHC4YtfK/rQljX7tzufg17ZosCS0BBDn9UP3ThX0g1 KvX3/a+l17vkno2OTSiEBIo8zOX5T93yto/pNxOgv4OU1Wfn0pEMljULom2N43IszY bHeM/jXHVTxb5KKL98SBIHk1L1K0kl4Ic9dLpjDKmByFTAZbX/70+LA4h4iSkj7N8+ AnGguPkC4j5azYqBzZil0nJ6/roTiqUoZmKtGoH4QEeX+n2u4HMfDCDNmkxiMLLxvC oLImZ6XxCmdSQ== Date: Tue, 12 Mar 2024 00:42:58 +0000 To: Ludovic Courtès <ludo@gnu.org> From: John Kehayias <john.kehayias@protonmail.com> Subject: Re: bug#69728: [PATCH security] daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297). Message-ID: <87o7bk2sc6.fsf@protonmail.com> In-Reply-To: <87frwwo1mo.fsf@gnu.org> References: <f541e64f128d82e6d9eca3b1d40e833dc06fd968.1710154382.git.ludo@gnu.org> <87frwwo1mo.fsf@gnu.org> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="b1_v9MImMNBpPThzWrxGvqTjxdi8tCRgZnkdE9D8lqlmSc" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 69728 Cc: Picnoir <picnoir@alternativebit.fr>, guix-security@gnu.org, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>, 69728@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit@debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> X-Spam-Score: -1.0 (-)
[Message part 1 (text/plain, inline)]
[cve-2024-27297-post.md (application/octet-stream, attachment)]
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.