[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: notes for 2023 release
From: |
Sergey Bugaev |
Subject: |
Re: notes for 2023 release |
Date: |
Sat, 10 Jun 2023 19:06:35 +0300 |
Hello,
On Sat, Jun 10, 2023 at 12:47 PM Samuel Thibault
<samuel.thibault@gnu.org> wrote:
> Do you think about anything else to announce?
Not an announcement, but please consider backporting
346b6eab3c14ead0b716d53e2235464b822f48f2 "hurd: Run init_pids ()
before init_dtable ()" if it's not too late (or doing it after release
if it is too late). This was an important fix; currently ctty handling
is completely broken in Debian.
Maybe mention the 'setauth (19)' vulnerability getting fixed? (For
anyone who's not heard of this: yes, it was that easy to get root
access. This was the fifth major vulnerability that I reported.)
Sergey