Your search for tag:security

| ID | Tags | Subject | Date submitted | Status |
|---|---|---|---|---|
| 60782 | security | Channels and dependency confusion | Fri Jan 13 14:49:25+0100 2023 | Open |
| 57701 | security | Rotated logs has insecure file permissions | Fri Sep 09 17:13:24+0200 2022 | Open |
| 50698 | patch, security | [PATCH] WIP patches for recently-known hurd security vulnerabilities | Mon Sep 20 12:40:25+0200 2021 | Open |
| 48146 | security | Getting diverted to non-updated branches: a limitation of the authentication mechanism? | Sat May 01 23:40:24+0200 2021 | Open |
| 48077 | security | assword superseded by impass | Wed Apr 28 10:40:24+0200 2021 | Open |
| 47624 | security | Various IP handling perl packages may be vulnerable | Tue Apr 06 21:05:25+0200 2021 | Open |
| 47622 | security | vigra package is vulnerable to CVE-2021-30046 | Tue Apr 06 19:21:24+0200 2021 | Open |
| 47584 | security, patch | Race condition in ‘copy-account-skeletons’: possible privilege escalation. | Sat Apr 03 18:09:25+0200 2021 | Open |
| 47576 | security | [security] ibus-daemon launches ungrafted subprocesses | Sat Apr 03 06:45:24+0200 2021 | Open |
| 47544 | security | rust-slice-deque is vulnerable to CVE-2021-29938 | Thu Apr 01 16:08:26+0200 2021 | Open |
| 47188 | security | "guix lint -c cve" does not account for language prefixes (rust-,python-,go-,..) | Tue Mar 16 10:29:25+0100 2021 | Open |
| 47144 | security | security patching of 'patch' package | Sun Mar 14 22:38:25+0100 2021 | Open |
| 46959 | security, patch | [PATCH 0/1] WIP: gnu: newlib: Fix CVE-2021-3420. | Sat Mar 06 06:04:25+0100 2021 | Open |
| 44887 | security | openssh service creates DSA keys | Thu Nov 26 16:15:25+0100 2020 | Open |
| 44808 | security | Default to allowing password authentication on leaves users vulnerable | Mon Nov 23 00:21:24+0100 2020 | Open |
| 42299 | security | ‘guix lint’ should suggest CPE name | Fri Jul 10 00:10:25+0200 2020 | Open |
| 33966 | security | fcgiwrap: additional options for logging and unix domain sockets | Thu Jan 03 21:02:26+0100 2019 | Open |
| 62678 | security, patch | [PATCH] services: nginx: Harden php-location settings. | Wed Apr 05 17:34:25+0200 2023 | Done |
| 62624 | patch, security | [PATCH] gnu: libexif: Update to 0.6.24. [fixes CVE-2020-0198, CVE-2020-0452] | Sun Apr 02 20:04:25+0200 2023 | Done |
| 55661 | security | /etc/ssh/authorized_keys.d contains keys that have been removed | Thu May 26 17:02:24+0200 2022 | Done |
| 55450 | security | bitlbee running as root | Mon May 16 15:30:24+0200 2022 | Done |
| 54414 | security | [SECURITY] gnu: expat: Update to 2.4.7. | Wed Mar 16 01:14:25+0100 2022 | Done |
| 53608 | patch, security | [PATCH 0/2] Rejecting commits unrelated to the introductory commit | Fri Jan 28 18:32:24+0100 2022 | Done |
| 53607 | patch, security | [PATCH] git-authenticate: Test introductory commit signature verification. | Fri Jan 28 18:10:25+0100 2022 | Done |
| 53549 | patch, security | [PATCH] gnu: polkit: Fix CVE-2021-4034. | Wed Jan 26 12:56:25+0100 2022 | Done |
| 53545 | security, patch | [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996. | Wed Jan 26 06:25:24+0100 2022 | Done |
| 50665 | security | Docker 19.03 is no longer receiving updates. | Sat Sep 18 22:13:25+0200 2021 | Done |
| 49817 | security, patch | [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246]. | Mon Aug 02 00:32:24+0200 2021 | Done |
| 48915 | security, patch | [PATCH] gnu: polkit: Graft a replacement for CVE-2021-3560. | Tue Jun 08 10:45:25+0200 2021 | Done |
| 48612 | security | Expat "billion laughs attack" vulnerability (CVE-2013-0340) | Sun May 23 17:15:24+0200 2021 | Done |
| 48304 | security, patch | [PATCH] gnu: expat: Update via graft. | Sun May 09 01:28:24+0200 2021 | Done |
| 48039 | patch, security | xorg-server might be vulnerable to CVE-2021-3472 | Mon Apr 26 19:25:24+0200 2021 | Done |
| 47729 | security | CVE-2021-30184 Arbitrary code execution in GNU Chess [security] | Mon Apr 12 17:44:24+0200 2021 | Done |
| 47674 | security | dnsmasq is vulnerable to CVE-2021-3448 | Fri Apr 09 17:10:24+0200 2021 | Done |
| 47627 | security | syncthing package is vulnerable to CVE-2021-21404 | Wed Apr 07 00:40:25+0200 2021 | Done |
| 47614 | security | [security] Chunked store references in .zo files in Racket 8 | Tue Apr 06 13:08:24+0200 2021 | Done |
| 47563 | security | curl is vulnerable to CVE-2021-22890 and CVE-2021-22876 | Fri Apr 02 16:04:25+0200 2021 | Done |
| 47562 | security | java-eclipse-jetty-* packages are vulnerable to CVE-2021-28165, CVE-2021-28164 and CVE-2021-28163 (also probably MANY others, 4y w/o upgrade) | Fri Apr 02 12:37:24+0200 2021 | Done |
| 47542 | security, fixed | rust-stackvector package is vulnerable to CVE-2021-29939 | Thu Apr 01 15:47:25+0200 2021 | Done |
| 47510 | security | cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166 | Wed Mar 31 03:50:24+0200 2021 | Done |
| 47509 | security | OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475 | Wed Mar 31 03:47:25+0200 2021 | Done |
| 47422 | security | tar is vulnerable to CVE-2021-20193 | Fri Mar 26 22:31:25+0100 2021 | Done |
| 47420 | security | binutils is vulnerable to CVE-2021-20197 (and various others) | Fri Mar 26 21:41:24+0100 2021 | Done |
| 47418 | security | imagemagick is vulnerable to CVE-2020-27829 | Fri Mar 26 20:52:25+0100 2021 | Done |
| 47351 | security | python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270 | Wed Mar 24 00:20:25+0100 2021 | Done |
| 47342 | security | java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351 | Tue Mar 23 15:33:25+0100 2021 | Done |
| 47319 | security | python-lxml is vulnerable to CVE-2021-28957 | Mon Mar 22 15:09:25+0100 2021 | Done |
| 47259 | security | python-pillow-simd package vulnerable to at least CVE-2021-25293 | Fri Mar 19 11:37:25+0100 2021 | Done |
| 47257 | security | mariadb is vulnerable to CVE-2021-27928 (RCE) | Fri Mar 19 11:25:25+0100 2021 | Done |
| 47231 | security | sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327 | Thu Mar 18 12:42:25+0100 2021 | Done |
| 47229 | security, fixed | Local privilege escalation via guix-daemon and ‘--keep-failed’ | Thu Mar 18 12:17:25+0100 2021 | Done |
| 47222 | security | Serious bug in Nettle's ecdsa_verify | Thu Mar 18 01:23:24+0100 2021 | Done |
| 47185 | security | grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418 | Tue Mar 16 09:08:43+0100 2021 | Done |
| 47143 | security | pjproject package is vulnerable to CVE-2021-21375 and CVE-2020-15260 | Sun Mar 14 22:37:25+0100 2021 | Done |
| 47142 | security | squid package vulnerable to CVE-2021-28116 | Sun Mar 14 22:36:25+0100 2021 | Done |
| 47141 | security | Zabbix packages vulnerable to CVE-2021-27927 | Sun Mar 14 22:33:25+0100 2021 | Done |
| 47140 | security | libupnp package vulnerable to CVE-2021-28302 | Sun Mar 14 22:30:25+0100 2021 | Done |
| 46631 | security | Python CVE-2021-3177 | Fri Feb 19 04:21:24+0100 2021 | Done |
| 46602 | security | Removing OpenSSL 1.0 | Wed Feb 17 22:26:24+0100 2021 | Done |
| 46395 | fixed, security | Setuid programs are setgid-root: possible local privilege escalation | Tue Feb 09 10:01:24+0100 2021 | Done |
| 44146 | security | CVE-2020-15999 in FreeType | Thu Oct 22 18:48:24+0200 2020 | Done |
| 41796 | security | Grafts don't handle outputs other than out | Thu Jun 11 00:32:24+0200 2020 | Done |
| 41525 | security | CVE-2020-12762: json-c | Mon May 25 14:07:25+0200 2020 | Done |
| 40405 | security | System log files are world readable | Fri Apr 03 15:19:25+0200 2020 | Done |
| 38884 | security | guix system roll-back doesn't roll setuid-programs back | Fri Jan 03 01:48:25+0100 2020 | Done |
| 38478 | security, patch, fixed | [PATCH 0/4] "guix deploy" authenticates SSH servers [security] | Tue Dec 03 22:10:25+0100 2019 | Done |
| 37744 | security | Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192) | Mon Oct 14 09:47:25+0200 2019 | Done |
| 36910 | security | CVE patches for libmad | Sat Aug 03 17:17:26+0200 2019 | Done |
| 36424 | security | expat-2.2.7 for CVE-2018-20843 | Fri Jun 28 21:56:25+0200 2019 | Done |
| 35716 | security | Password security bugs in LUKS configuration during guided install | Mon May 13 17:11:25+0200 2019 | Done |
| 34926 | security, patch | [PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes]. | Wed Mar 20 21:32:25+0100 2019 | Done |
| 33988 | security | [PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and fix CVE-2018-{1000877, 1000878, 1000880}. | Sat Jan 05 16:56:25+0100 2019 | Done |
| 33933 | security | [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431}. | Mon Dec 31 00:16:24+0100 2018 | Done |
| 33783 | security, patch | [PATCH] gnu: sqlite: Replace with 3.26.0 [security fixes]. | Tue Dec 18 03:54:25+0100 2018 | Done |
| 33751 | security | SQLite "Magellan" vulnerability | Sat Dec 15 01:18:25+0100 2018 | Done |
| 33733 | security | Irrelevant narinfo signatures are honored | Thu Dec 13 23:44:24+0100 2018 | Done |
| 33730 | patch, security | [PATCH] gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295]. | Thu Dec 13 21:49:24+0100 2018 | Done |
| 33347 | patch, security | [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. | Sun Nov 11 20:04:25+0100 2018 | Done |
| 33156 | security, patch | [PATCH] gnu: libmspack: Update to 0.8 [fixes CVE-2018-{18584, 18585, 18586}]. | Thu Oct 25 22:36:24+0200 2018 | Done |
| 32997 | security | Kodi phones home to check for updates | Tue Oct 09 10:13:25+0200 2018 | Done |
| 32957 | security | Python uses a bundled expat | Sat Oct 06 16:58:24+0200 2018 | Done |
| 32878 | security | Python-3 CVE-2018-14647 | Sat Sep 29 21:23:25+0200 2018 | Done |
| 32877 | security | Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 | Sat Sep 29 21:18:25+0200 2018 | Done |
| 32515 | security | Ghostscript and GNOME thumbnailing code execution vulnerabilities | Thu Aug 23 23:02:25+0200 2018 | Done |
| 32181 | patch, security | [PATCH] gnu: ghostscript: Fix CVE-2018-10194. | Tue Jul 17 05:34:24+0200 2018 | Done |
| 32179 | security, patch | [PATCH] gnu: CUPS: Update to 2.2.8 [fixes CVE-2018-{4180,4181}]. | Mon Jul 16 21:04:24+0200 2018 | Done |
| 31831 | security | CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries | Thu Jun 14 21:23:25+0200 2018 | Done |
| 31797 | patch, fixed, security | [PATCH] gnu: perl: Fix CVE-2018-12015. | Tue Jun 12 11:25:25+0200 2018 | Done |
| 30472 | patch, security | [PATCH 0/6] gnu: java-fasterxml-*: Update to 2.9.4. | Thu Feb 15 22:35:25+0100 2018 | Done |
| 30378 | security | [PATCH] gnu: mpv: Fix CVE-2018-6360. | Wed Feb 07 07:53:25+0100 2018 | Done |
| 30111 | security, patch | [PATCH] gnu: gcc@7: Use retpoline options when building itself. | Sun Jan 14 14:09:24+0100 2018 | Done |
| 30061 | security, patch | [PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}. | Wed Jan 10 10:08:24+0100 2018 | Done |
| 29773 | security | urandom-seed-service should run earlier in the boot process | Tue Dec 19 20:14:24+0100 2017 | Done |
| 28751 | security | GuixSD setuid-programs handling creates setuid binaries in the store | Sun Oct 08 21:25:24+0200 2017 | Done |
| 28294 | patch, security | [PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}. | Wed Aug 30 15:32:25+0200 2017 | Done |
| 28261 | security | freeimage uses bundled libraries | Mon Aug 28 14:12:25+0200 2017 | Done |
| 28077 | security, patch | [PATCH] gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}. | Sun Aug 13 15:39:25+0200 2017 | Done |
| 28058 | patch, security | [PATCH] gnu: catdoc: Fix CVE-2017-11110. | Fri Aug 11 23:52:24+0200 2017 | Done |
| 27993 | security | Oniguruma (PHP and Ruby) security issues | Sun Aug 06 22:29:25+0200 2017 | Done |
| 27809 | security | libidn2 underscore stripping problem | Mon Jul 24 21:52:25+0200 2017 | Done |
| 27808 | security | PHP CVE-2017-11144, CVE-2017-11145, CVE-2017-11362 | Mon Jul 24 20:57:24+0200 2017 | Done |
| 27749 | patch, security | gnu: heimdal: Update to 7.4.0. | Tue Jul 18 10:27:24+0200 2017 | Done |
| 27603 | patch, security | [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}. | Fri Jul 07 00:32:25+0200 2017 | Done |
| 27519 | security | Podofo security bugs | Wed Jun 28 17:49:25+0200 2017 | Done |
| 27463 | security | OCaml CVE-2017-9772 | Fri Jun 23 18:42:25+0200 2017 | Done |
| 27462 | security | OCaml CVE-2015-8869 | Fri Jun 23 18:41:25+0200 2017 | Done |
| 22883 | security | Trustable "guix pull" | Wed Mar 02 19:04:26+0100 2016 | Done |
| 65832 | patch, security | [PATCH] guix: shell: Don't whitelist / by typo in `shell-authorized-directories'. | Fri Sep 08 22:49:24+0200 2023 | Done |
| 66304 | security | exim vulnearable to CVE-2023-42115 et al | Mon Oct 02 12:47:24+0200 2023 | Done |
| 66348 | patch, security | [PATCH RFC] gnu: glibc: Fix CVE-2023-4911. | Wed Oct 04 22:26:24+0200 2023 | Done |
| 66641 | security, patch | [PATCH 0/2] httpd: Update to 2.4.58. [security fixes] | Thu Oct 19 16:54:25+0200 2023 | Done |
| 66658 | security, patch | [PATCH] gnu: nghttp2: Replace with 1.57.0. | Sat Oct 21 06:21:25+0200 2023 | Done |
| 66662 | security | References to ungrafted glibc retained | Sat Oct 21 10:30:24+0200 2023 | Done |
| 69728 | patch, security | [PATCH security] daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297). | Mon Mar 11 11:54:24+0100 2024 | Done |