[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: notes for 2023 release



Hello,

On Sat, Jun 10, 2023 at 12:47 PM Samuel Thibault
<samuel.thibault@gnu.org> wrote:
> Do you think about anything else to announce?

Not an announcement, but please consider backporting
346b6eab3c14ead0b716d53e2235464b822f48f2 "hurd: Run init_pids ()
before init_dtable ()" if it's not too late (or doing it after release
if it is too late). This was an important fix; currently ctty handling
is completely broken in Debian.

Maybe mention the 'setauth (19)' vulnerability getting fixed? (For
anyone who's not heard of this: yes, it was that easy to get root
access. This was the fifth major vulnerability that I reported.)

Sergey


Reply to: