bug#70581: PHP, glibc, and CVE-2024-2961
Hi McSinyx, security-relevant bugs ought to go to , see [1]. Since a patch exists for glibc all the way back to 2.30, I suppose a graft can be used and should be performed timely. Cheers [1] https://guix.gnu.org/en/security/
bug#70581: PHP, glibc, and CVE-2024-2961
Hello Guix, Last week, an overflow bug in glibc's iconv(3) was discovered: https://www.openwall.com/lists/oss-security/2024/04/17/9 It may enable remove code execution through PHP. Due to the immutable nature of Guix, is it possible to hotpatch this using graft, or do we need to rebuild to world? https://rockylinux.org/news/glibc-vulnerability-april-2024/ Kind regards, McSinyx