Re: notes for 2023 release

To: debian-hurd@lists.debian.org, bug-hurd@gnu.org
Subject: Re: notes for 2023 release
From: Sergey Bugaev <bugaevc@gmail.com>
Date: Sat, 10 Jun 2023 19:06:35 +0300
Message-id: <[🔎] CAN9u=HcX+bDaC7Mjrg5gzPjYePm_VtHC9zV=fagrSk_7KwQ85A@mail.gmail.com>
In-reply-to: <[🔎] 20230610094736.yo43qzge5kslrgvx@begin>
References: <[🔎] 20230610094736.yo43qzge5kslrgvx@begin>

Hello,

On Sat, Jun 10, 2023 at 12:47 PM Samuel Thibault
<samuel.thibault@gnu.org> wrote:
> Do you think about anything else to announce?

Not an announcement, but please consider backporting
346b6eab3c14ead0b716d53e2235464b822f48f2 "hurd: Run init_pids ()
before init_dtable ()" if it's not too late (or doing it after release
if it is too late). This was an important fix; currently ctty handling
is completely broken in Debian.

Maybe mention the 'setauth (19)' vulnerability getting fixed? (For
anyone who's not heard of this: yes, it was that easy to get root
access. This was the fifth major vulnerability that I reported.)

Sergey

Reply to:

Follow-Ups:
- Re: notes for 2023 release
  - From: Samuel Thibault <samuel.thibault@gnu.org>

References:
- notes for 2023 release
  - From: Samuel Thibault <samuel.thibault@gnu.org>

Prev by Date: Re: usr/libexec/console-run: /dev/console: Read-only file system
Next by Date: Re: notes for 2023 release
Previous by thread: notes for 2023 release
Next by thread: Re: notes for 2023 release
Index(es):
- Date
- Thread