oss-sec mailing list archives
Re: CVE-2019-17365: Nix per-user profile directory hijack
From: Michael Orlitzky <michael () orlitzky com>
Date: Thu, 10 Oct 2019 19:01:25 -0400
Hello Michael and oss-security, As soon as we are comfortable with a fix, we will release a new version of Nix. We will also examine how we handle security issues, and publish a post-mortem of how this happened and how our processes will be changed to prevent this from happening again.
I don't think you handled it unusually badly (shit happens), but the desire to improve is admirable nonetheless.
Current thread:
- CVE-2019-17365: Nix per-user profile directory hijack Michael Orlitzky (Oct 09)
- Re: CVE-2019-17365: Nix per-user profile directory hijack Graham Christensen (Oct 09)
- Re: CVE-2019-17365: Nix per-user profile directory hijack Michael Orlitzky (Oct 10)
- CVE-2019-18192: Insecure permissions on Guix profile directory Ludovic Courtès (Oct 17)
- Re: CVE-2019-17365: Nix per-user profile directory hijack Graham Christensen (Oct 09)