unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#69777: Please add a test for CVE-2024-27297
@ 2024-03-13 15:29 Vagrant Cascadian
  2024-03-13 23:10 ` Vagrant Cascadian
  0 siblings, 1 reply; 2+ messages in thread
From: Vagrant Cascadian @ 2024-03-13 15:29 UTC (permalink / raw)
  To: 69777

[-- Attachment #1: Type: text/plain, Size: 424 bytes --]

It would be really nice, especially for downstream distributors, if
there was a test for CVE-2024-27297.

There is working code to test this in the excellent blog post on the
subject, which is a likely good starting point!

  https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/

Super extra bonus points if the test is backwards compatible with guix
1.4 and 1.2 :)

live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-03-13 23:11 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-13 15:29 bug#69777: Please add a test for CVE-2024-27297 Vagrant Cascadian
2024-03-13 23:10 ` Vagrant Cascadian

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).