[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#70022] [PATCH 0/2] Binary Installation: Add more distros
|
From: |
pelzflorian (Florian Pelz) |
|
Subject: |
[bug#70022] [PATCH 0/2] Binary Installation: Add more distros |
|
Date: |
Fri, 05 Apr 2024 17:23:25 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Hello Denis,
Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes:
> Hi,
>
> About the local privilege escalation, is there any hints on how to fix
> it beside updating guix with 'guix pull'?
Thinking more about it, I guess the Binary Installation documentation
should inform that one can install from distribution packages or from
guix-install.sh, depending on who should be responsible for security
updates.
> For instance were there distributions that somehow backported the
> patch, in order not to have a security issue when you do 'apt install
> guix' or pamcan -S guix for instance?
>
> I'm asking because while I'm not the AUR maintainer of the 'guix'
> package, I know PKGBUILDs well enough to be able to send a patch if I
> find the time (and also update the Parabola package along the way).
Thank you for your offer. Following hyperlinks from
<https://security-tracker.debian.org/tracker/CVE-2024-27297>, I find on
<https://udd.debian.org/patches.cgi?src=guix&version=1.4.0-6> security
patches that Vagrant cherry-picked from the Guix commits that address
the vulnerability. Similar to how Guix often takes patches from Debian,
you could take the patches from Guix too or indirectly from Debian.
Regards,
Florian