Your search for tag:security

Hint

Refine your search with filters like is:open, author:me, submitter:me, severity:serious, tag:easy, date:2d..now, date:2012-04-18..2022-04-18, date:1m..today, and many more!

IDSubjectDate submittedStatus
70114patchsecurity[PATCH 0/1] Xz backdoor / JiaT75 cleanup for libarchiveSun Mar 31 13:49:25-0700 2024Done
60782securityChannels and dependency confusionFri Jan 13 05:49:25-0800 2023Open
57701securityRotated logs has insecure file permissionsFri Sep 09 08:13:24-0700 2022Open
50698patchsecurity[PATCH] WIP patches for recently-known hurd security vulnerabilitiesMon Sep 20 03:40:25-0700 2021Open
48146securityGetting diverted to non-updated branches: a limitation of the authentication mechanism?Sat May 01 14:40:24-0700 2021Open
48077securityassword superseded by impassWed Apr 28 01:40:24-0700 2021Open
47624securityVarious IP handling perl packages may be vulnerableTue Apr 06 12:05:25-0700 2021Open
47622securityvigra package is vulnerable to CVE-2021-30046Tue Apr 06 10:21:24-0700 2021Open
47584securitypatchRace condition in ‘copy-account-skeletons’: possible privilege escalation.Sat Apr 03 09:09:25-0700 2021Open
47576security[security] ibus-daemon launches ungrafted subprocessesFri Apr 02 21:45:24-0700 2021Open
47544securityrust-slice-deque is vulnerable to CVE-2021-29938Thu Apr 01 07:08:26-0700 2021Open
47188security"guix lint -c cve" does not account for language prefixes (rust-,python-,go-,..)Tue Mar 16 02:29:25-0700 2021Open
47144securitysecurity patching of 'patch' packageSun Mar 14 14:38:25-0700 2021Done
46959securitypatch[PATCH 0/1] WIP: gnu: newlib: Fix CVE-2021-3420.Fri Mar 05 21:04:25-0800 2021Open
44887securityopenssh service creates DSA keysThu Nov 26 07:15:25-0800 2020Done
44808securityDefault to allowing password authentication on leaves users vulnerableSun Nov 22 15:21:24-0800 2020Open
42299security‘guix lint’ should suggest CPE nameThu Jul 09 15:10:25-0700 2020Open
33966securityfcgiwrap: additional options for logging and unix domain socketsThu Jan 03 12:02:26-0800 2019Open
69728patchsecurity[PATCH security] daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297).Mon Mar 11 03:54:24-0700 2024Done
66662securityReferences to ungrafted glibc retainedSat Oct 21 01:30:24-0700 2023Done
66658securitypatch[PATCH] gnu: nghttp2: Replace with 1.57.0.Fri Oct 20 21:21:25-0700 2023Done
66641securitypatch[PATCH 0/2] httpd: Update to 2.4.58. [security fixes]Thu Oct 19 07:54:25-0700 2023Done
66348patchsecurity[PATCH RFC] gnu: glibc: Fix CVE-2023-4911.Wed Oct 04 13:26:24-0700 2023Done
66304securityexim vulnearable to CVE-2023-42115 et alMon Oct 02 03:47:24-0700 2023Done
65832patchsecurity[PATCH] guix: shell: Don't whitelist / by typo in `shell-authorized-directories'.Fri Sep 08 13:49:24-0700 2023Done
62678securitypatch[PATCH] services: nginx: Harden php-location settings.Wed Apr 05 08:34:25-0700 2023Done
62624patchsecurity[PATCH] gnu: libexif: Update to 0.6.24. [fixes CVE-2020-0198, CVE-2020-0452]Sun Apr 02 11:04:25-0700 2023Done
55661security/etc/ssh/authorized_keys.d contains keys that have been removedThu May 26 08:02:24-0700 2022Done
55450securitybitlbee running as rootMon May 16 06:30:24-0700 2022Done
54414security[SECURITY] gnu: expat: Update to 2.4.7.Tue Mar 15 17:14:25-0700 2022Done
53608patchsecurity[PATCH 0/2] Rejecting commits unrelated to the introductory commitFri Jan 28 09:32:24-0800 2022Done
53607patchsecurity[PATCH] git-authenticate: Test introductory commit signature verification.Fri Jan 28 09:10:25-0800 2022Done
53549patchsecurity[PATCH] gnu: polkit: Fix CVE-2021-4034.Wed Jan 26 03:56:25-0800 2022Done
53545securitypatch[PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.Tue Jan 25 21:25:24-0800 2022Done
50665securityDocker 19.03 is no longer receiving updates.Sat Sep 18 13:13:25-0700 2021Done
49817securitypatch[PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].Sun Aug 01 15:32:24-0700 2021Done
48915securitypatch[PATCH] gnu: polkit: Graft a replacement for CVE-2021-3560.Tue Jun 08 01:45:25-0700 2021Done
48612securityExpat "billion laughs attack" vulnerability (CVE-2013-0340)Sun May 23 08:15:24-0700 2021Done
48304securitypatch[PATCH] gnu: expat: Update via graft.Sat May 08 16:28:24-0700 2021Done
48039patchsecurityxorg-server might be vulnerable to CVE-2021-3472Mon Apr 26 10:25:24-0700 2021Done
47729securityCVE-2021-30184 Arbitrary code execution in GNU Chess [security]Mon Apr 12 08:44:24-0700 2021Done
47674securitydnsmasq is vulnerable to CVE-2021-3448Fri Apr 09 08:10:24-0700 2021Done
47627securitysyncthing package is vulnerable to CVE-2021-21404Tue Apr 06 15:40:25-0700 2021Done
47614security[security] Chunked store references in .zo files in Racket 8Tue Apr 06 04:08:24-0700 2021Done
47563securitycurl is vulnerable to CVE-2021-22890 and CVE-2021-22876Fri Apr 02 07:04:25-0700 2021Done
47562securityjava-eclipse-jetty-* packages are vulnerable to CVE-2021-28165, CVE-2021-28164 and CVE-2021-28163 (also probably MANY others, 4y w/o upgrade)Fri Apr 02 03:37:24-0700 2021Done
47542securityfixedrust-stackvector package is vulnerable to CVE-2021-29939Thu Apr 01 06:47:25-0700 2021Done
47510securitycflow is vulnerable to CVE-2019-16165 and CVE-2019-16166Tue Mar 30 18:50:24-0700 2021Done
47509securityOpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475Tue Mar 30 18:47:25-0700 2021Done
47422securitytar is vulnerable to CVE-2021-20193Fri Mar 26 14:31:25-0700 2021Done
47420securitybinutils is vulnerable to CVE-2021-20197 (and various others)Fri Mar 26 13:41:24-0700 2021Done
47418securityimagemagick is vulnerable to CVE-2020-27829Fri Mar 26 12:52:25-0700 2021Done
47351securitypython-pygments@2.7.3 is vulnerable to at least CVE-2021-20270Tue Mar 23 16:20:25-0700 2021Done
47342securityjava-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351Tue Mar 23 07:33:25-0700 2021Done
47319securitypython-lxml is vulnerable to CVE-2021-28957Mon Mar 22 07:09:25-0700 2021Done
47259securitypython-pillow-simd package vulnerable to at least CVE-2021-25293Fri Mar 19 03:37:25-0700 2021Done
47257securitymariadb is vulnerable to CVE-2021-27928 (RCE)Fri Mar 19 03:25:25-0700 2021Done
47231securitysqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327Thu Mar 18 04:42:25-0700 2021Done
47229securityfixedLocal privilege escalation via guix-daemon and ‘--keep-failed’Thu Mar 18 04:17:25-0700 2021Done
47222securitySerious bug in Nettle's ecdsa_verifyWed Mar 17 17:23:24-0700 2021Done
47185securitygrub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418Tue Mar 16 01:08:43-0700 2021Done
47143securitypjproject package is vulnerable to CVE-2021-21375 and CVE-2020-15260Sun Mar 14 14:37:25-0700 2021Done
47142securitysquid package vulnerable to CVE-2021-28116Sun Mar 14 14:36:25-0700 2021Done
47141securityZabbix packages vulnerable to CVE-2021-27927Sun Mar 14 14:33:25-0700 2021Done
47140securitylibupnp package vulnerable to CVE-2021-28302Sun Mar 14 14:30:25-0700 2021Done
46631securityPython CVE-2021-3177Thu Feb 18 19:21:24-0800 2021Done
46602securityRemoving OpenSSL 1.0Wed Feb 17 13:26:24-0800 2021Done
46395fixedsecuritySetuid programs are setgid-root: possible local privilege escalationTue Feb 09 01:01:24-0800 2021Done
44146securityCVE-2020-15999 in FreeTypeThu Oct 22 09:48:24-0700 2020Done
41796securityGrafts don't handle outputs other than outWed Jun 10 15:32:24-0700 2020Done
41525securityCVE-2020-12762: json-cMon May 25 05:07:25-0700 2020Done
40405securitySystem log files are world readableFri Apr 03 06:19:25-0700 2020Done
38884securityguix system roll-back doesn't roll setuid-programs backThu Jan 02 16:48:25-0800 2020Done
38478securitypatchfixed[PATCH 0/4] "guix deploy" authenticates SSH servers [security]Tue Dec 03 13:10:25-0800 2019Done
37744securityInsecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)Mon Oct 14 00:47:25-0700 2019Done
36910securityCVE patches for libmadSat Aug 03 08:17:26-0700 2019Done
36424securityexpat-2.2.7 for CVE-2018-20843Fri Jun 28 12:56:25-0700 2019Done
35716securityPassword security bugs in LUKS configuration during guided installMon May 13 08:11:25-0700 2019Done
34926securitypatch[PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes].Wed Mar 20 13:32:25-0700 2019Done
33988security[PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and fix CVE-2018-{1000877, 1000878, 1000880}.Sat Jan 05 07:56:25-0800 2019Done
33933security[PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431}.Sun Dec 30 15:16:24-0800 2018Done
33783securitypatch[PATCH] gnu: sqlite: Replace with 3.26.0 [security fixes].Mon Dec 17 18:54:25-0800 2018Done
33751securitySQLite "Magellan" vulnerabilityFri Dec 14 16:18:25-0800 2018Done
33733securityIrrelevant narinfo signatures are honoredThu Dec 13 14:44:24-0800 2018Done
33730patchsecurity[PATCH] gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295].Thu Dec 13 12:49:24-0800 2018Done
33347patchsecurity[PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].Sun Nov 11 11:04:25-0800 2018Done
33156securitypatch[PATCH] gnu: libmspack: Update to 0.8 [fixes CVE-2018-{18584, 18585, 18586}].Thu Oct 25 13:36:24-0700 2018Done
32997securityKodi phones home to check for updatesTue Oct 09 01:13:25-0700 2018Done
32957securityPython uses a bundled expatSat Oct 06 07:58:24-0700 2018Done
32878securityPython-3 CVE-2018-14647Sat Sep 29 12:23:25-0700 2018Done
32877securityPython-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802Sat Sep 29 12:18:25-0700 2018Done
32515securityGhostscript and GNOME thumbnailing code execution vulnerabilitiesThu Aug 23 14:02:25-0700 2018Done
32181patchsecurity[PATCH] gnu: ghostscript: Fix CVE-2018-10194.Mon Jul 16 20:34:24-0700 2018Done
32179securitypatch[PATCH] gnu: CUPS: Update to 2.2.8 [fixes CVE-2018-{4180,4181}].Mon Jul 16 12:04:24-0700 2018Done
31831securityCVE-2018-0495 Key Extraction Side Channel in Multiple Crypto LibrariesThu Jun 14 12:23:25-0700 2018Done
31797patchfixedsecurity[PATCH] gnu: perl: Fix CVE-2018-12015.Tue Jun 12 02:25:25-0700 2018Done
30472patchsecurity[PATCH 0/6] gnu: java-fasterxml-*: Update to 2.9.4.Thu Feb 15 13:35:25-0800 2018Done
30378security[PATCH] gnu: mpv: Fix CVE-2018-6360.Tue Feb 06 22:53:25-0800 2018Done
30111securitypatch[PATCH] gnu: gcc@7: Use retpoline options when building itself.Sun Jan 14 05:09:24-0800 2018Done
30061securitypatch[PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}.Wed Jan 10 01:08:24-0800 2018Done
29773securityurandom-seed-service should run earlier in the boot processTue Dec 19 11:14:24-0800 2017Done
28751securityGuixSD setuid-programs handling creates setuid binaries in the storeSun Oct 08 12:25:24-0700 2017Done
28294patchsecurity[PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}.Wed Aug 30 06:32:25-0700 2017Done
28261securityfreeimage uses bundled librariesMon Aug 28 05:12:25-0700 2017Done
28077securitypatch[PATCH] gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}.Sun Aug 13 06:39:25-0700 2017Done
28058patchsecurity[PATCH] gnu: catdoc: Fix CVE-2017-11110.Fri Aug 11 14:52:24-0700 2017Done
27993securityOniguruma (PHP and Ruby) security issuesSun Aug 06 13:29:25-0700 2017Done
27809securitylibidn2 underscore stripping problemMon Jul 24 12:52:25-0700 2017Done
27808securityPHP CVE-2017-11144, CVE-2017-11145, CVE-2017-11362Mon Jul 24 11:57:24-0700 2017Done
27749patchsecuritygnu: heimdal: Update to 7.4.0.Tue Jul 18 01:27:24-0700 2017Done
27603patchsecurity[PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.Thu Jul 06 15:32:25-0700 2017Done
27519securityPodofo security bugsWed Jun 28 08:49:25-0700 2017Done
27463securityOCaml CVE-2017-9772Fri Jun 23 09:42:25-0700 2017Done
27462securityOCaml CVE-2015-8869Fri Jun 23 09:41:25-0700 2017Done
22883securityTrustable "guix pull"Wed Mar 02 10:04:26-0800 2016Done
70581securityPHP, glibc, and CVE-2024-2961Thu Apr 25 23:45:30-0700 2024Open
71000patchsecurity[PATCH] gnu: git: Update to 2.45.1Fri May 17 03:04:24-0700 2024Done
72173patchsecurity[PATCH] gnu: chicken: Update to 5.4.0.Thu Jul 18 02:00:24-0700 2024Open