71000 | important patch security | [PATCH] gnu: git: Update to 2.45.1 | Fri May 17 12:04:24+0200 2024 | Done
70581 | security | PHP, glibc, and CVE-2024-2961 | Fri Apr 26 08:45:30+0200 2024 | Open
64562 | important security | Rotated logs have different permissions from logs that have not yet been rotated | Mon Jul 10 20:31:25+0200 2023 | Open
60782 | important security | Channels and dependency confusion | Fri Jan 13 14:49:25+0100 2023 | Open
50698 | patch security | [PATCH] WIP patches for recently-known hurd security vulnerabilities | Mon Sep 20 12:40:25+0200 2021 | Open
48146 | security | Getting diverted to non-updated branches: a limitation of the authentication mechanism? | Sat May 01 23:40:24+0200 2021 | Open
48077 | security | assword superseded by impass | Wed Apr 28 10:40:24+0200 2021 | Open
47624 | security | Various IP handling perl packages may be vulnerable | Tue Apr 06 21:05:25+0200 2021 | Open
47622 | security | vigra package is vulnerable to CVE-2021-30046 | Tue Apr 06 19:21:24+0200 2021 | Open
47584 | important security patch | Race condition in ‘copy-account-skeletons’: possible privilege escalation. | Sat Apr 03 18:09:25+0200 2021 | Done
47576 | security | [security] ibus-daemon launches ungrafted subprocesses | Sat Apr 03 06:45:24+0200 2021 | Open
47544 | security | rust-slice-deque is vulnerable to CVE-2021-29938 | Thu Apr 01 16:08:26+0200 2021 | Open
47188 | security | "guix lint -c cve" does not account for language prefixes (rust-,python-,go-,..) | Tue Mar 16 10:29:25+0100 2021 | Open
47144 | security | security patching of 'patch' package | Sun Mar 14 22:38:25+0100 2021 | Done
46959 | security patch | [PATCH 0/1] WIP: gnu: newlib: Fix CVE-2021-3420. | Sat Mar 06 06:04:25+0100 2021 | Open
44887 | security | openssh service creates DSA keys | Thu Nov 26 16:15:25+0100 2020 | Done
44808 | security | Default to allowing password authentication on leaves users vulnerable | Mon Nov 23 00:21:24+0100 2020 | Open
42299 | security | ‘guix lint’ should suggest CPE name | Fri Jul 10 00:10:25+0200 2020 | Open
33966 | security | fcgiwrap: additional options for logging and unix domain sockets | Thu Jan 03 21:02:26+0100 2019 | Open
70114 | patch security | [PATCH 0/1] Xz backdoor / JiaT75 cleanup for libarchive | Sun Mar 31 22:49:25+0200 2024 | Done
69728 | patch security | [PATCH security] daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297). | Mon Mar 11 11:54:24+0100 2024 | Done
66662 | important security | References to ungrafted glibc retained | Sat Oct 21 10:30:24+0200 2023 | Done
66658 | security patch | [PATCH] gnu: nghttp2: Replace with 1.57.0. | Sat Oct 21 06:21:25+0200 2023 | Done
66641 | security patch | [PATCH 0/2] httpd: Update to 2.4.58. [security fixes] | Thu Oct 19 16:54:25+0200 2023 | Done
66348 | important patch security | [PATCH RFC] gnu: glibc: Fix CVE-2023-4911. | Wed Oct 04 22:26:24+0200 2023 | Done
66304 | security | exim vulnerable to CVE-2023-42115 et al | Mon Oct 02 12:47:24+0200 2023 | Done
65832 | important patch security | [PATCH] guix: shell: Don't whitelist / by typo in `shell-authorized-directories'. | Fri Sep 08 22:49:24+0200 2023 | Done
62678 | security patch | [PATCH] services: nginx: Harden php-location settings. | Wed Apr 05 17:34:25+0200 2023 | Done
62624 | patch security | [PATCH] gnu: libexif: Update to 0.6.24. [fixes CVE-2020-0198, CVE-2020-0452] | Sun Apr 02 20:04:25+0200 2023 | Done
55661 | important security | /etc/ssh/authorized_keys.d contains keys that have been removed | Thu May 26 17:02:24+0200 2022 | Done
55450 | security | bitlbee running as root | Mon May 16 15:30:24+0200 2022 | Done
54414 | security | [SECURITY] gnu: expat: Update to 2.4.7. | Wed Mar 16 01:14:25+0100 2022 | Done
53608 | patch security | [PATCH 0/2] Rejecting commits unrelated to the introductory commit | Fri Jan 28 18:32:24+0100 2022 | Done
53607 | patch security | [PATCH] git-authenticate: Test introductory commit signature verification. | Fri Jan 28 18:10:25+0100 2022 | Done
53549 | important patch security | [PATCH] gnu: polkit: Fix CVE-2021-4034. | Wed Jan 26 12:56:25+0100 2022 | Done
53545 | important security patch | [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996. | Wed Jan 26 06:25:24+0100 2022 | Done
50665 | important security | Docker 19.03 is no longer receiving updates. | Sat Sep 18 22:13:25+0200 2021 | Done
49817 | security patch | [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246]. | Mon Aug 02 00:32:24+0200 2021 | Done
48915 | security patch | [PATCH] gnu: polkit: Graft a replacement for CVE-2021-3560. | Tue Jun 08 10:45:25+0200 2021 | Done
48612 | security | Expat "billion laughs attack" vulnerability (CVE-2013-0340) | Sun May 23 17:15:24+0200 2021 | Done
48304 | security patch | [PATCH] gnu: expat: Update via graft. | Sun May 09 01:28:24+0200 2021 | Done
48039 | patch security | xorg-server might be vulnerable to CVE-2021-3472 | Mon Apr 26 19:25:24+0200 2021 | Done
47729 | security | CVE-2021-30184 Arbitrary code execution in GNU Chess [security] | Mon Apr 12 17:44:24+0200 2021 | Done
47674 | security | dnsmasq is vulnerable to CVE-2021-3448 | Fri Apr 09 17:10:24+0200 2021 | Done
47627 | security | syncthing package is vulnerable to CVE-2021-21404 | Wed Apr 07 00:40:25+0200 2021 | Done
47614 | security | [security] Chunked store references in .zo files in Racket 8 | Tue Apr 06 13:08:24+0200 2021 | Done
47563 | security | curl is vulnerable to CVE-2021-22890 and CVE-2021-22876 | Fri Apr 02 16:04:25+0200 2021 | Done
47562 | security | java-eclipse-jetty-* packages are vulnerable to CVE-2021-28165, CVE-2021-28164 and CVE-2021-28163 (also probably MANY others, 4y w/o upgrade) | Fri Apr 02 12:37:24+0200 2021 | Done
47542 | security fixed | rust-stackvector package is vulnerable to CVE-2021-29939 | Thu Apr 01 15:47:25+0200 2021 | Done
47510 | security | cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166 | Wed Mar 31 03:50:24+0200 2021 | Done
47509 | security | OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475 | Wed Mar 31 03:47:25+0200 2021 | Done
47422 | security | tar is vulnerable to CVE-2021-20193 | Fri Mar 26 22:31:25+0100 2021 | Done
47420 | security | binutils is vulnerable to CVE-2021-20197 (and various others) | Fri Mar 26 21:41:24+0100 2021 | Done
47418 | security | imagemagick is vulnerable to CVE-2020-27829 | Fri Mar 26 20:52:25+0100 2021 | Done
47351 | security | python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270 | Wed Mar 24 00:20:25+0100 2021 | Done
47342 | security | java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351 | Tue Mar 23 15:33:25+0100 2021 | Done
47319 | security | python-lxml is vulnerable to CVE-2021-28957 | Mon Mar 22 15:09:25+0100 2021 | Done
47259 | security | python-pillow-simd package vulnerable to at least CVE-2021-25293 | Fri Mar 19 11:37:25+0100 2021 | Done
47257 | security | mariadb is vulnerable to CVE-2021-27928 (RCE) | Fri Mar 19 11:25:25+0100 2021 | Done
47231 | security | sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327 | Thu Mar 18 12:42:25+0100 2021 | Done
47229 | serious security fixed | Local privilege escalation via guix-daemon and ‘--keep-failed’ | Thu Mar 18 12:17:25+0100 2021 | Done
47222 | important security | Serious bug in Nettle's ecdsa_verify | Thu Mar 18 01:23:24+0100 2021 | Done
47185 | security | grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418 | Tue Mar 16 09:08:43+0100 2021 | Done
47143 | security | pjproject package is vulnerable to CVE-2021-21375 and CVE-2020-15260 | Sun Mar 14 22:37:25+0100 2021 | Done
47142 | security | squid package vulnerable to CVE-2021-28116 | Sun Mar 14 22:36:25+0100 2021 | Done
47141 | security | Zabbix packages vulnerable to CVE-2021-27927 | Sun Mar 14 22:33:25+0100 2021 | Done
47140 | security | libupnp package vulnerable to CVE-2021-28302 | Sun Mar 14 22:30:25+0100 2021 | Done
46631 | security | Python CVE-2021-3177 | Fri Feb 19 04:21:24+0100 2021 | Done
46602 | security | Removing OpenSSL 1.0 | Wed Feb 17 22:26:24+0100 2021 | Done
46395 | important fixed security | Setuid programs are setgid-root: possible local privilege escalation | Tue Feb 09 10:01:24+0100 2021 | Done
44146 | security | CVE-2020-15999 in FreeType | Thu Oct 22 18:48:24+0200 2020 | Done
41796 | important security | Grafts don't handle outputs other than out | Thu Jun 11 00:32:24+0200 2020 | Done
41525 | security | CVE-2020-12762: json-c | Mon May 25 14:07:25+0200 2020 | Done
40405 | security | System log files are world readable | Fri Apr 03 15:19:25+0200 2020 | Done
38884 | important security | guix system roll-back doesn't roll setuid-programs back | Fri Jan 03 01:48:25+0100 2020 | Done
38478 | security patch fixed | [PATCH 0/4] "guix deploy" authenticates SSH servers [security] | Tue Dec 03 22:10:25+0100 2019 | Done
37744 | important security | Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192) | Mon Oct 14 09:47:25+0200 2019 | Done
36910 | important security | CVE patches for libmad | Sat Aug 03 17:17:26+0200 2019 | Done
36424 | security | expat-2.2.7 for CVE-2018-20843 | Fri Jun 28 21:56:25+0200 2019 | Done
35716 | important security | Password security bugs in LUKS configuration during guided install | Mon May 13 17:11:25+0200 2019 | Done
34926 | security patch | [PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes]. | Wed Mar 20 21:32:25+0100 2019 | Done
33988 | security | [PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and fix CVE-2018-{1000877, 1000878, 1000880}. | Sat Jan 05 16:56:25+0100 2019 | Done
33933 | security | [PATCH 0/4] gnu: libextractor: Fix CVE-2018-{20430,20431}. | Mon Dec 31 00:16:24+0100 2018 | Done
33783 | security patch | [PATCH] gnu: sqlite: Replace with 3.26.0 [security fixes]. | Tue Dec 18 03:54:25+0100 2018 | Done
33751 | security | SQLite "Magellan" vulnerability | Sat Dec 15 01:18:25+0100 2018 | Done
33733 | important security | Irrelevant narinfo signatures are honored | Thu Dec 13 23:44:24+0100 2018 | Done
33730 | patch security | [PATCH] gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295]. | Thu Dec 13 21:49:24+0100 2018 | Done
33347 | patch security | [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. | Sun Nov 11 20:04:25+0100 2018 | Done
33156 | security patch | [PATCH] gnu: libmspack: Update to 0.8 [fixes CVE-2018-{18584, 18585, 18586}]. | Thu Oct 25 22:36:24+0200 2018 | Done
32997 | security | Kodi phones home to check for updates | Tue Oct 09 10:13:25+0200 2018 | Done
32957 | important security | Python uses a bundled expat | Sat Oct 06 16:58:24+0200 2018 | Done
32878 | security | Python-3 CVE-2018-14647 | Sat Sep 29 21:23:25+0200 2018 | Done
32877 | security | Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 | Sat Sep 29 21:18:25+0200 2018 | Done
32515 | security | Ghostscript and GNOME thumbnailing code execution vulnerabilities | Thu Aug 23 23:02:25+0200 2018 | Done
32181 | patch security | [PATCH] gnu: ghostscript: Fix CVE-2018-10194. | Tue Jul 17 05:34:24+0200 2018 | Done
32179 | security patch | [PATCH] gnu: CUPS: Update to 2.2.8 [fixes CVE-2018-{4180,4181}]. | Mon Jul 16 21:04:24+0200 2018 | Done
31831 | security | CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries | Thu Jun 14 21:23:25+0200 2018 | Done
31797 | patch fixed security | [PATCH] gnu: perl: Fix CVE-2018-12015. | Tue Jun 12 11:25:25+0200 2018 | Done
30472 | patch security | [PATCH 0/6] gnu: java-fasterxml-*: Update to 2.9.4. | Thu Feb 15 22:35:25+0100 2018 | Done
30378 | security | [PATCH] gnu: mpv: Fix CVE-2018-6360. | Wed Feb 07 07:53:25+0100 2018 | Done
30111 | security patch | [PATCH] gnu: gcc@7: Use retpoline options when building itself. | Sun Jan 14 14:09:24+0100 2018 | Done
30061 | security patch | [PATCH] gnu: libvorbis: Fix CVE-2017-{14632,14633}. | Wed Jan 10 10:08:24+0100 2018 | Done
29773 | security | urandom-seed-service should run earlier in the boot process | Tue Dec 19 20:14:24+0100 2017 | Done
28751 | important security | GuixSD setuid-programs handling creates setuid binaries in the store | Sun Oct 08 21:25:24+0200 2017 | Done
28294 | important patch security | [PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}. | Wed Aug 30 15:32:25+0200 2017 | Done
28261 | security | freeimage uses bundled libraries | Mon Aug 28 14:12:25+0200 2017 | Done
28077 | important security patch | [PATCH] gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}. | Sun Aug 13 15:39:25+0200 2017 | Done
28058 | important patch security | [PATCH] gnu: catdoc: Fix CVE-2017-11110. | Fri Aug 11 23:52:24+0200 2017 | Done
27993 | security | Oniguruma (PHP and Ruby) security issues | Sun Aug 06 22:29:25+0200 2017 | Done
27809 | security | libidn2 underscore stripping problem | Mon Jul 24 21:52:25+0200 2017 | Done
27808 | security | PHP CVE-2017-11144, CVE-2017-11145, CVE-2017-11362 | Mon Jul 24 20:57:24+0200 2017 | Done
27749 | patch security | gnu: heimdal: Update to 7.4.0. | Tue Jul 18 10:27:24+0200 2017 | Done
27603 | important patch security | [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}. | Fri Jul 07 00:32:25+0200 2017 | Done
27519 | security | Podofo security bugs | Wed Jun 28 17:49:25+0200 2017 | Done
27463 | security | OCaml CVE-2017-9772 | Fri Jun 23 18:42:25+0200 2017 | Done
27462 | security | OCaml CVE-2015-8869 | Fri Jun 23 18:41:25+0200 2017 | Done
22883 | serious security | Trustable "guix pull" | Wed Mar 02 19:04:26+0100 2016 | Done
72173 | important security | [PATCH] gnu: chicken: Update to 5.4.0. | Thu Jul 18 11:00:24+0200 2024 | Done
72799 | important security patch | [PATCH 0/3] ffmpeg updates [fixes CVE-2024-7055, CVE-2024-7272] | Sun Aug 25 02:38:24+0200 2024 | Done
73122 | security patch | [PATCH] gnu: weechat: Update to 4.4.2. | Sun Sep 08 15:49:24+0200 2024 | Done
73919 | important security | Daemon vulnerability allowing takeover of build users | Mon Oct 21 00:03:24+0200 2024 | Done