guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell


From: Ludovic Courtès
Subject: Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell
Date: Tue, 15 Nov 2016 11:35:12 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Hi Leo,

Leo Famulari <address@hidden> skribis:

> On Mon, Nov 14, 2016 at 08:45:51PM +0000, Hector Marco wrote:
>> Hello All,
>> 
>> Affected package
>> ----------------
>> Cryptsetup <= 2:1
>
> Hi,
>
> Can you clarify which versions are affected?
>
> The latest upstream version is 1.7.3:
>
> https://gitlab.com/cryptsetup/cryptsetup/commits/master
>
> What is the 2:1 version?

FWIW GuixSD does not use the vulnerable shell scripts mentioned in
<http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html>.
They are not even installed in our ‘cryptsetup’ package.

Ludo’.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]