| ID | Tags | Title | Date | Status |
|---|---|---|---|---|
| 70114 | patch security | [PATCH 0/1] Xz backdoor / JiaT75 cleanup for libarchive | Sun Mar 31 13:49:25-0700 2024 | Done |
| 64562 | security | Rotated logs have different permissions from logs that have not yet been rotated | Mon Jul 10 11:31:25-0700 2023 | Open |
| 60782 | important security | Channels and dependency confusion | Fri Jan 13 05:49:25-0800 2023 | Open |
| 57701 | important security | Rotated logs has insecure file permissions | Fri Sep 09 08:13:24-0700 2022 | Open |
| 50698 | patch security | [PATCH] WIP patches for recently-known hurd security vulnerabilities | Mon Sep 20 03:40:25-0700 2021 | Open |
| 48146 | security | Getting diverted to non-updated branches: a limitation of the authentication mechanism? | Sat May 01 14:40:24-0700 2021 | Open |
| 48077 | security | assword superseded by impass | Wed Apr 28 01:40:24-0700 2021 | Open |
| 47624 | security | Various IP handling perl packages may be vulnerable | Tue Apr 06 12:05:25-0700 2021 | Open |
| 47622 | security | vigra package is vulnerable to CVE-2021-30046 | Tue Apr 06 10:21:24-0700 2021 | Open |
| 47584 | important security patch | Race condition in ‘copy-account-skeletons’: possible privilege escalation. | Sat Apr 03 09:09:25-0700 2021 | Done |
| 47576 | security | [security] ibus-daemon launches ungrafted subprocesses | Fri Apr 02 21:45:24-0700 2021 | Open |
| 47544 | security | rust-slice-deque is vulnerable to CVE-2021-29938 | Thu Apr 01 07:08:26-0700 2021 | Open |
| 47188 | security | "guix lint -c cve" does not account for language prefixes (rust-,python-,go-,..) | Tue Mar 16 02:29:25-0700 2021 | Open |
| 47144 | security | security patching of 'patch' package | Sun Mar 14 14:38:25-0700 2021 | Done |
| 46959 | security patch | [PATCH 0/1] WIP: gnu: newlib: Fix CVE-2021-3420. | Fri Mar 05 21:04:25-0800 2021 | Open |
| 44887 | security | openssh service creates DSA keys | Thu Nov 26 07:15:25-0800 2020 | Done |
| 44808 | security | Default to allowing password authentication on leaves users vulnerable | Sun Nov 22 15:21:24-0800 2020 | Open |
| 42299 | security | ‘guix lint’ should suggest CPE name | Thu Jul 09 15:10:25-0700 2020 | Open |
| 33966 | security | fcgiwrap: additional options for logging and unix domain sockets | Thu Jan 03 12:02:26-0800 2019 | Open |
| 69728 | patch security | [PATCH security] daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297). | Mon Mar 11 03:54:24-0700 2024 | Done |
| 66662 | important security | References to ungrafted glibc retained | Sat Oct 21 01:30:24-0700 2023 | Done |
| 66658 | security patch | [PATCH] gnu: nghttp2: Replace with 1.57.0. | Fri Oct 20 21:21:25-0700 2023 | Done |
| 66641 | security patch | [PATCH 0/2] httpd: Update to 2.4.58. [security fixes] | Thu Oct 19 07:54:25-0700 2023 | Done |
| 66348 | important patch security | [PATCH RFC] gnu: glibc: Fix CVE-2023-4911. | Wed Oct 04 13:26:24-0700 2023 | Done |
| 66304 | security | exim vulnerable to CVE-2023-42115 et al | Mon Oct 02 03:47:24-0700 2023 | Done |
| 65832 | important patch security | [PATCH] guix: shell: Don't whitelist / by typo in `shell-authorized-directories'. | Fri Sep 08 13:49:24-0700 2023 | Done |
| 62678 | security patch | [PATCH] services: nginx: Harden php-location settings. | Wed Apr 05 08:34:25-0700 2023 | Done |
| 62624 | patch security | [PATCH] gnu: libexif: Update to 0.6.24. [fixes CVE-2020-0198, CVE-2020-0452] | Sun Apr 02 11:04:25-0700 2023 | Done |
| 55661 | important security | /etc/ssh/authorized_keys.d contains keys that have been removed | Thu May 26 08:02:24-0700 2022 | Done |
| 55450 | security | bitlbee running as root | Mon May 16 06:30:24-0700 2022 | Done |
| 54414 | security | [SECURITY] gnu: expat: Update to 2.4.7. | Tue Mar 15 17:14:25-0700 2022 | Done |
| 53608 | patch security | [PATCH 0/2] Rejecting commits unrelated to the introductory commit | Fri Jan 28 09:32:24-0800 2022 | Done |
| 53607 | patch security | [PATCH] git-authenticate: Test introductory commit signature verification. | Fri Jan 28 09:10:25-0800 2022 | Done |
| 53549 | important patch security | [PATCH] gnu: polkit: Fix CVE-2021-4034. | Wed Jan 26 03:56:25-0800 2022 | Done |
| 53545 | important security patch | [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996. | Tue Jan 25 21:25:24-0800 2022 | Done |
| 50665 | important security | Docker 19.03 is no longer receiving updates. | Sat Sep 18 13:13:25-0700 2021 | Done |
| 49817 | security patch | [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246]. | Sun Aug 01 15:32:24-0700 2021 | Done |
| 48915 | security patch | [PATCH] gnu: polkit: Graft a replacement for CVE-2021-3560. | Tue Jun 08 01:45:25-0700 2021 | Done |
| 48612 | security | Expat "billion laughs attack" vulnerability (CVE-2013-0340) | Sun May 23 08:15:24-0700 2021 | Done |
| 48304 | security patch | [PATCH] gnu: expat: Update via graft. | Sat May 08 16:28:24-0700 2021 | Done |
| 48039 | patch security | xorg-server might be vulnerable to CVE-2021-3472 | Mon Apr 26 10:25:24-0700 2021 | Done |
| 47729 | security | CVE-2021-30184 Arbitrary code execution in GNU Chess [security] | Mon Apr 12 08:44:24-0700 2021 | Done |
| 47674 | security | dnsmasq is vulnerable to CVE-2021-3448 | Fri Apr 09 08:10:24-0700 2021 | Done |
| 47627 | security | syncthing package is vulnerable to CVE-2021-21404 | Tue Apr 06 15:40:25-0700 2021 | Done |
| 47614 | security | [security] Chunked store references in .zo files in Racket 8 | Tue Apr 06 04:08:24-0700 2021 | Done |
| 47563 | security | curl is vulnerable to CVE-2021-22890 and CVE-2021-22876 | Fri Apr 02 07:04:25-0700 2021 | Done |
| 47562 | security | java-eclipse-jetty-* packages are vulnerable to CVE-2021-28165, CVE-2021-28164 and CVE-2021-28163 (also probably MANY others, 4y w/o upgrade) | Fri Apr 02 03:37:24-0700 2021 | Done |
| 47542 | security fixed | rust-stackvector package is vulnerable to CVE-2021-29939 | Thu Apr 01 06:47:25-0700 2021 | Done |
| 47510 | security | cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166 | Tue Mar 30 18:50:24-0700 2021 | Done |
| 47509 | security | OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475 | Tue Mar 30 18:47:25-0700 2021 | Done |
| 47422 | security | tar is vulnerable to CVE-2021-20193 | Fri Mar 26 14:31:25-0700 2021 | Done |
| 47420 | security | binutils is vulnerable to CVE-2021-20197 (and various others) | Fri Mar 26 13:41:24-0700 2021 | Done |
| 47418 | security | imagemagick is vulnerable to CVE-2020-27829 | Fri Mar 26 12:52:25-0700 2021 | Done |
| 47351 | security | python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270 | Tue Mar 23 16:20:25-0700 2021 | Done |
| 47342 | security | java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351 | Tue Mar 23 07:33:25-0700 2021 | Done |
| 47319 | security | python-lxml is vulnerable to CVE-2021-28957 | Mon Mar 22 07:09:25-0700 2021 | Done |
| 47259 | security | python-pillow-simd package vulnerable to at least CVE-2021-25293 | Fri Mar 19 03:37:25-0700 2021 | Done |
| 47257 | security | mariadb is vulnerable to CVE-2021-27928 (RCE) | Fri Mar 19 03:25:25-0700 2021 | Done |
| 47231 | security | sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327 | Thu Mar 18 04:42:25-0700 2021 | Done |
| 47229 | serious security fixed | Local privilege escalation via guix-daemon and ‘--keep-failed’ | Thu Mar 18 04:17:25-0700 2021 | Done |
| 47222 | important security | Serious bug in Nettle's ecdsa_verify | Wed Mar 17 17:23:24-0700 2021 | Done |
| 47185 | security | grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418 | Tue Mar 16 01:08:43-0700 2021 | Done |
| 47143 | security | pjproject package is vulnerable to CVE-2021-21375 and CVE-2020-15260 | Sun Mar 14 14:37:25-0700 2021 | Done |
| 47142 | security | squid package vulnerable to CVE-2021-28116 | Sun Mar 14 14:36:25-0700 2021 | Done |
| 47141 | security | Zabbix packages vulnerable to CVE-2021-27927 | Sun Mar 14 14:33:25-0700 2021 | Done |
| 47140 | security | libupnp package vulnerable to CVE-2021-28302 | Sun Mar 14 14:30:25-0700 2021 | Done |
| 46631 | security | Python CVE-2021-3177 | Thu Feb 18 19:21:24-0800 2021 | Done |
| 46602 | security | Removing OpenSSL 1.0 | Wed Feb 17 13:26:24-0800 2021 | Done |
| 46395 | important fixed security | Setuid programs are setgid-root: possible local privilege escalation | Tue Feb 09 01:01:24-0800 2021 | Done |
| 44146 | security | CVE-2020-15999 in FreeType | Thu Oct 22 09:48:24-0700 2020 | Done |
| 41796 | important security | Grafts don't handle outputs other than out | Wed Jun 10 15:32:24-0700 2020 | Done |
| 41525 | security | CVE-2020-12762: json-c | Mon May 25 05:07:25-0700 2020 | Done |
| 40405 | security | System log files are world readable | Fri Apr 03 06:19:25-0700 2020 | Done |
| 38884 | important security | guix system roll-back doesn't roll setuid-programs back | Thu Jan 02 16:48:25-0800 2020 | Done |
| 38478 | security patch fixed | [PATCH 0/4] "guix deploy" authenticates SSH servers [security] | Tue Dec 03 13:10:25-0800 2019 | Done |
| 37744 | important security | Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192) | Mon Oct 14 00:47:25-0700 2019 | Done |
| 36910 | important security | CVE patches for libmad | Sat Aug 03 08:17:26-0700 2019 | Done |
| 36424 | security | expat-2.2.7 for CVE-2018-20843 | Fri Jun 28 12:56:25-0700 2019 | Done |
| 35716 | important security | Password security bugs in LUKS configuration during guided install | Mon May 13 08:11:25-0700 2019 | Done |
| 34926 | security patch | [PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes]. | Wed Mar 20 13:32:25-0700 2019 | Done |
| 33988 | security | [PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and fix CVE-2018-{1000877, 1000878, 1000880}. | Sat Jan 05 07:56:25-0800 2019 | Done |
| 33933 | security | [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431}. | Sun Dec 30 15:16:24-0800 2018 | Done |
| 33783 | security patch | [PATCH] gnu: sqlite: Replace with 3.26.0 [security fixes]. | Mon Dec 17 18:54:25-0800 2018 | Done |
| 33751 | security | SQLite "Magellan" vulnerability | Fri Dec 14 16:18:25-0800 2018 | Done |
| 33733 | important security | Irrelevant narinfo signatures are honored | Thu Dec 13 14:44:24-0800 2018 | Done |
| 33730 | patch security | [PATCH] gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295]. | Thu Dec 13 12:49:24-0800 2018 | Done |
| 33347 | patch security | [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. | Sun Nov 11 11:04:25-0800 2018 | Done |
| 33156 | security patch | [PATCH] gnu: libmspack: Update to 0.8 [fixes CVE-2018-{18584, 18585, 18586}]. | Thu Oct 25 13:36:24-0700 2018 | Done |
| 32997 | security | Kodi phones home to check for updates | Tue Oct 09 01:13:25-0700 2018 | Done |
| 32957 | important security | Python uses a bundled expat | Sat Oct 06 07:58:24-0700 2018 | Done |
| 32878 | security | Python-3 CVE-2018-14647 | Sat Sep 29 12:23:25-0700 2018 | Done |
| 32877 | security | Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 | Sat Sep 29 12:18:25-0700 2018 | Done |
| 32515 | security | Ghostscript and GNOME thumbnailing code execution vulnerabilities | Thu Aug 23 14:02:25-0700 2018 | Done |
| 32181 | patch security | [PATCH] gnu: ghostscript: Fix CVE-2018-10194. | Mon Jul 16 20:34:24-0700 2018 | Done |
| 32179 | security patch | [PATCH] gnu: CUPS: Update to 2.2.8 [fixes CVE-2018-{4180,4181}]. | Mon Jul 16 12:04:24-0700 2018 | Done |
| 31831 | security | CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries | Thu Jun 14 12:23:25-0700 2018 | Done |
| 31797 | patch fixed security | [PATCH] gnu: perl: Fix CVE-2018-12015. | Tue Jun 12 02:25:25-0700 2018 | Done |
| 30472 | patch security | [PATCH 0/6] gnu: java-fasterxml-*: Update to 2.9.4. | Thu Feb 15 13:35:25-0800 2018 | Done |
| 30378 | security | [PATCH] gnu: mpv: Fix CVE-2018-6360. | Tue Feb 06 22:53:25-0800 2018 | Done |
| 30111 | security patch | [PATCH] gnu: gcc@7: Use retpoline options when building itself. | Sun Jan 14 05:09:24-0800 2018 | Done |
| 30061 | security patch | [PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}. | Wed Jan 10 01:08:24-0800 2018 | Done |
| 29773 | security | urandom-seed-service should run earlier in the boot process | Tue Dec 19 11:14:24-0800 2017 | Done |
| 28751 | important security | GuixSD setuid-programs handling creates setuid binaries in the store | Sun Oct 08 12:25:24-0700 2017 | Done |
| 28294 | important patch security | [PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}. | Wed Aug 30 06:32:25-0700 2017 | Done |
| 28261 | security | freeimage uses bundled libraries | Mon Aug 28 05:12:25-0700 2017 | Done |
| 28077 | important security patch | [PATCH] gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}. | Sun Aug 13 06:39:25-0700 2017 | Done |
| 28058 | important patch security | [PATCH] gnu: catdoc: Fix CVE-2017-11110. | Fri Aug 11 14:52:24-0700 2017 | Done |
| 27993 | security | Oniguruma (PHP and Ruby) security issues | Sun Aug 06 13:29:25-0700 2017 | Done |
| 27809 | security | libidn2 underscore stripping problem | Mon Jul 24 12:52:25-0700 2017 | Done |
| 27808 | security | PHP CVE-2017-11144, CVE-2017-11145, CVE-2017-11362 | Mon Jul 24 11:57:24-0700 2017 | Done |
| 27749 | patch security | gnu: heimdal: Update to 7.4.0. | Tue Jul 18 01:27:24-0700 2017 | Done |
| 27603 | important patch security | [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}. | Thu Jul 06 15:32:25-0700 2017 | Done |
| 27519 | security | Podofo security bugs | Wed Jun 28 08:49:25-0700 2017 | Done |
| 27463 | security | OCaml CVE-2017-9772 | Fri Jun 23 09:42:25-0700 2017 | Done |
| 27462 | security | OCaml CVE-2015-8869 | Fri Jun 23 09:41:25-0700 2017 | Done |
| 22883 | serious security | Trustable "guix pull" | Wed Mar 02 10:04:26-0800 2016 | Done |
| 70581 | security | PHP, glibc, and CVE-2024-2961 | Thu Apr 25 23:45:30-0700 2024 | Open |
| 71000 | important patch security | [PATCH] gnu: git: Update to 2.45.1 | Fri May 17 03:04:24-0700 2024 | Done |
| 72173 | important security | [PATCH] gnu: chicken: Update to 5.4.0. | Thu Jul 18 02:00:24-0700 2024 | Open |
| 72799 | important security patch | [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272] | Sat Aug 24 17:38:24-0700 2024 | Open |
| 73122 | security patch | [PATCH] gnu: weechat: Update to 4.4.2. | Sun Sep 08 06:49:24-0700 2024 | Done |