[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-27297/nix
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 13 19:49:47 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0bb3de9 by Salvatore Bonaccorso at 2024-03-13T20:49:04+01:00
Add Debian bug reference for CVE-2024-27297/nix
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -420,7 +420,7 @@ CVE-2024-27900 (Due to missing authorization check, attacker with business user
NOT-FOR-US: SAP
CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A fixed-out ...)
- guix <unfixed> (bug #1066113)
- - nix <unfixed>
+ - nix <unfixed> (bug #1066812)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143
NOTE: https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/
NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0bb3de91d9b8428a96aef4c45f51292acbded49
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0bb3de91d9b8428a96aef4c45f51292acbded49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240313/1d82664b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list