sm1> Qubes uses Salt, and there's something nasty going around: sm1> https://saltexploit.com/
sm2> to be used "by hand only" we could enforce risk = 0 by the above formula sm2> and keeping fingers off salt for a while. Thanks! sm3> There was today an update for all templates related to the salt. Doesn't sm3> it include a patch? did any of you actualy bother to look at the problem? because i am 99% sure this doesnt apply to qubes. at all. (also you are several days late on this...) this seems to be the original source and contains a fairly good writeup: https://labs.f-secure.com/advisories/saltstack-authorization-bypass -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200506091056.GL987%40priv-mua.
