~bmw/portmod-announce

Portmod 2.5.8

Details
Message ID
<7f7aec51-468a-0cb9-e234-1f94ede78683@disroot.org>
DKIM signature
missing
Download raw message
Portmod 2.5.8 has been released. This is a bugfix release, notably 
including fixes for two security vulnerabilities, one of which affects 
all users.

Note that these vulnerabilities are exploitable by malicious packages 
and repositories, making it possible for them to bypass the restricted 
permissions of the sandbox and make arbitrary changes to your system, 
limited only by the permissions of the account running Portmod.
However, as I think this is the first time I've reported a security 
vulnerability in portmod, I think it should be noted that no such 
malicious packages are known to exist, and portmod remains a small 
enough thing that it's unlikely to be dealing with exploits in the near 
future.

Full details can be found on the release page:
https://gitlab.com/portmod/portmod/-/releases/v2.5.8

Benjamin Winger
Reply to thread Export thread (mbox)