This is an automated email from the git hooks/post-receive script.
lfam pushed a commit to branch master
in repository guix-artwork.
The following commit(s) were added to refs/heads/master by this push:
new dd964be website: keep-failed bug blog post: Refer to CVE-2021-27851.
dd964be is described below
commit dd964beef6ba857457369afa27ffc25923c683da
Author: Leo Famulari <[email protected]>
AuthorDate: Mon Nov 8 17:12:38 2021 -0500
website: keep-failed bug blog post: Refer to CVE-2021-27851.
* website/posts/keep-failed.md: Add the CVE ID.
---
website/posts/keep-failed.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/website/posts/keep-failed.md b/website/posts/keep-failed.md
index f2cc6fd..d5bc18a 100644
--- a/website/posts/keep-failed.md
+++ b/website/posts/keep-failed.md
@@ -1,4 +1,4 @@
-title: Risk of local privilege escalation via guix-daemon
+title: Risk of local privilege escalation via guix-daemon (CVE-2021-27851)
date: 2021-03-18 13:00
author: Ludovic Courtès and Leo Famulari
tags: Security Advisory
@@ -29,6 +29,8 @@ eventually fails, the daemon changes ownership of the whole
build tree,
including the hardlink, to the user. At that point, the user has write access
to the target file.
+This is [CVE-2021-27851](https://www.cve.org/CVERecord?id=CVE-2021-27851).
+
# Fix
This [bug](https://issues.guix.gnu.org/47229) has been
