From: "McSinyx" via Bug reports for GNU Guix
To: 70581@debbugs.gnu.org
Subject: bug#70581: PHP, glibc, and CVE-2024-2961
Date: Fri, 26 Apr 2024 15:44:50 +0900

Hello Guix,

Last week, an overflow bug in glibc's iconv(3) was discovered:
https://www.openwall.com/lists/oss-security/2024/04/17/9

It may enable remote code execution through PHP.  Due to
the immutable nature of Guix, is it possible to hotpatch this
using a graft, or do we need to rebuild the world?

https://rockylinux.org/news/glibc-vulnerability-april-2024/

Kind regards,
McSinyx