Nix 2.24.8 released fixing builtin:fetchurl credentials leak, severity 5.9 (moderate)
Nix 2.24.8 released fixing builtin:fetchurl credentials leak, severity 5.9 (moderate)
discourse.nixos.org Nix 2.24.8 released fixing builtin:fetchurl credentials leak, severity 5.9 (moderate)
DetSys seems to have made a security release to NixCpp. The primary risk is leaking of netrc credentials through a crafted derivation plus an attacker-in-the-middle. Users of the experimental feature impure-derivations are at greater risk. FlakeHub Cache users and users of impure derivations sh...
cross-posted from: https://discuss.tchncs.de/post/22666403
0
comments