GNU bug report logs - #47420
binutils is vulnerable to CVE-2021-20197 (and various others)

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Léo Le Bouter <lle-bout@HIDDEN>; Keywords: security; dated Fri, 26 Mar 2021 20:42:01 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 47420 <at> debbugs.gnu.org:


Received: (at 47420) by debbugs.gnu.org; 26 Mar 2021 23:00:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 26 19:00:55 2021
Received: from localhost ([127.0.0.1]:42831 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lPvRm-0002Kl-NW
	for submit <at> debbugs.gnu.org; Fri, 26 Mar 2021 19:00:55 -0400
Received: from baptiste.telenet-ops.be ([195.130.132.51]:55664)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1lPvRk-0002HZ-FY
 for 47420 <at> debbugs.gnu.org; Fri, 26 Mar 2021 19:00:53 -0400
Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d])
 by baptiste.telenet-ops.be with bizsmtp
 id lB0q2400E0mfAB401B0qpM; Sat, 27 Mar 2021 00:00:50 +0100
Message-ID: <d12edf9cd3c7a6779c25ccd40411c16292406e8d.camel@HIDDEN>
Subject: Re: bug#47420: binutils is vulnerable to CVE-2021-20197 (and
 various others)
From: Maxime Devos <maximedevos@HIDDEN>
To: =?ISO-8859-1?Q?L=E9o?= Le Bouter <lle-bout@HIDDEN>, 
 47420 <at> debbugs.gnu.org
Date: Sat, 27 Mar 2021 00:00:40 +0100
In-Reply-To: <669bea321d23f39ac5bb902dc930f4056f07ec78.camel@HIDDEN>
References: <669bea321d23f39ac5bb902dc930f4056f07ec78.camel@HIDDEN>
Content-Type: multipart/signed; micalg="pgp-sha256";
 protocol="application/pgp-signature"; boundary="=-azZwH7wqmdIpOucP6VQJ"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21;
 t=1616799650; bh=IS0il8aCHn1RBWV0iqIf6pOIjIqC3p9FY6B8q6PMWkA=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=XQG7NQUkgGPL6MLiyjtOLVNHBviHZJOOyMu6hcTQ6IHXjzuyi/PF+n9ovBxPJ3Exc
 94g4uhJHJpsYQwfYvSP0HxI2PlHZy9nsYY5uph1gw4KdwUJKv/z3dbGCZit5MdyZNW
 tOzIY11S22VhuI6E3PnPh3wjSAQazMuHh2l4JFJ4sE14Lw5XPrv4tDUlKmQgmsgBYe
 lI5n/zIe40JSAQknyzjeaUADC6SPyhJIGUZpT42qkJammwDT1k8ysGe5Y/FGYIykRE
 F7TMlVx6n1ANU1thgc2OyId5xBR68cqeqh6jLlB1G/6hOamGD7svD9PnhQliAWVJ5K
 3p/F8VKu7ArqQ==
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 47420
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--=-azZwH7wqmdIpOucP6VQJ
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, 2021-03-26 at 21:41 +0100, L=C3=A9o Le Bouter via Bug reports for G=
NU Guix wrote:
> CVE-2021-20197	18:15
> There is an open race window when writing output in the following
> utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip,
> ranlib. When these utilities are run as a privileged user (presumably
> as part of a script updating binaries across different users), an
> unprivileged user can trick these utilities into getting ownership of
> arbitrary files through a symlink.

At first I thought -- why would anyone run the binutils as root (or other
privileged user)?  Isn't it only used for *compiling* stuff?  But then
I looked at the actual bug report:

  https://sourceware.org/bugzilla/show_bug.cgi?id=3D26945

Apparently creating temporary files isn't done quite correctly.
IIUC, on a shared guix system, a malicious user could use this bug
to change the binary that would normally result from the innocent
user running "./configure && make" into something controlled
by the malicious user.

Question: if I run "guix environment guix", do I get the packages
normally used for building guix as-is, or the grafted versions?
When I run "guix environment emacs", I see two lines "applying $N grafts",
so I assume the latter.

> For the two versions packaged in GNU Guix we have:
>=20
> $ ./pre-inst-env guix lint -c cve binutils@HIDDEN
> gnu/packages/base.scm:584:2: binutils@HIDDEN: probably vulnerable to
> CVE-2020-35493, CVE-2020-35494, CVE-2020-35495, CVE-2020-35496, CVE-
> 2020-35507
>=20
> $ ./pre-inst-env guix lint -c cve binutils@HIDDEN
> gnu/packages/base.scm:571:2: binutils@HIDDEN: probably vulnerable to CVE-
> 2020-16590, CVE-2020-16591, CVE-2020-16592, CVE-2020-16593, CVE-2020-
> 16599

> Because they are also build tools for GNU Guix itself, we can't fix
> this in grafts,

No, see next comment.

>  a review of each and every CVE can be made to evaluate
> whether we must fix it for GNU Guix's internal usage can be made, but
> also we should update it and not use any vulnerable version anywhere so
> we can be certain we didnt miss anything.

Guix itself only use binutils in the build containers, which (I presume)
have their own temporary directories, so this shouldn't be
relevant to Guix itself.  However, grafts are still important for
*developers*.  See my first comment block.

> Can binutils be upgraded just like that? Or must it be upgraded in
> tandem with GCC and friends?

I don't know, I guess you'll just have to try and read the release notes.
In any case, upgrading packages seems a good idea (as long as it doesn't
cause world-rebuild or bootstrapping issues of course), even if there
weren't any security issues -- perhaps something to do on core-updates?.

Thanks for looking into these potential security issues,

Greetings,
Maxime.


--=-azZwH7wqmdIpOucP6VQJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYIADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYF5nmBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7k+PAQDTGO4qOQLRqmaQr72wSZvWxDNQ
AsiSw2Kt30W4AoVzVQEA6Oho2QtrfIFFs/vF6Ijq/WJOkVtHeZeqcInN6HzeEQU=
=aPRn
-----END PGP SIGNATURE-----

--=-azZwH7wqmdIpOucP6VQJ--





Information forwarded to bug-guix@HIDDEN:
bug#47420; Package guix. Full text available.

Message received at 47420 <at> debbugs.gnu.org:


Received: (at 47420) by debbugs.gnu.org; 26 Mar 2021 21:56:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 26 17:56:42 2021
Received: from localhost ([127.0.0.1]:42737 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lPuRe-0008Mw-67
	for submit <at> debbugs.gnu.org; Fri, 26 Mar 2021 17:56:42 -0400
Received: from mail.zaclys.net ([178.33.93.72]:34709)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@HIDDEN>) id 1lPuRb-0008Mh-Ij
 for 47420 <at> debbugs.gnu.org; Fri, 26 Mar 2021 17:56:40 -0400
Received: from [192.168.0.44] (82-64-145-38.subs.proxad.net [82.64.145.38])
 (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12QLuW4o037751
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <47420 <at> debbugs.gnu.org>; Fri, 26 Mar 2021 22:56:33 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12QLuW4o037751
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1616795793;
 bh=bIed75h4dQ5qIwbcNKIOr9/pswZ743+2AovOveHgMyw=;
 h=Subject:From:To:Date:In-Reply-To:References:From;
 b=R4fbbzAMyXGoytvvCn45k8hcyF2txiVMXTPJ3UB8sUrtbBpUU6chwQRH/ySkWOw8c
 tMqAMA+kj3rPHVRDaiFGJtVGJ2Cgah3SW4j46MWkMVb4g00IuD9CkmYPxBX01c+x+n
 63NnKPHH7XoburucKsp98Lx8Y2Rl78px07U7YNDY=
Message-ID: <229d740c124ef1133bdaa032222302ac99e398a8.camel@HIDDEN>
Subject: Re: bug#47420: binutils is vulnerable to CVE-2021-20197 (and
 various others)
From: =?ISO-8859-1?Q?L=E9o?= Le Bouter <lle-bout@HIDDEN>
To: 47420 <at> debbugs.gnu.org
Date: Fri, 26 Mar 2021 22:56:32 +0100
In-Reply-To: <669bea321d23f39ac5bb902dc930f4056f07ec78.camel@HIDDEN>
References: <669bea321d23f39ac5bb902dc930f4056f07ec78.camel@HIDDEN>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-go+0q18WHXMh5uRcFL9p"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47420
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-go+0q18WHXMh5uRcFL9p
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Another:

CVE-2021-20284	18:15
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based
buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due
to the number of symbols not calculated correctly. The highest threat
from this vulnerability is to system availability.

--=-go+0q18WHXMh5uRcFL9p
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBeWJAACgkQRaix6GvN
EKYitxAAjjGVBnGZwORJcGfl4CN1J3kXS9Zzitt/E8VFzDYu20cardGBCyi86K7O
lxCYS3/7OEZgwy1TFPfwTomBJU4AHQPSmqEOBaRPFXoL0q1s82qQlzHh/s1j65uL
7hp/zSU2C+8IJmY9E93k1jgWx9CGP7fr9RkRvGl9tpAPmk3n9ctzBtyLO9Xn5eRy
mbV7DWWgbMTHwbeZfohpTrRSTSOuQI+wYxG33WzfRhjDYOwyUXhbI8av/CEFuVEc
FlekTEgMzqfDduRAHLUEenIIj5nGX0WsZUjVz24a15jmjUFB5NjCszVxceOe4n6B
9uiZaLVplAQjPYijQKV30yMJJjckvk5eZOyt+fsJN4EWFtLon9i7246+XM8sjfbB
S4cZFveNxBWr8CbdJ5A+1iF9MyT7x2XM/BgatwAgzirYCd4RkjTrcXAVCgoj+ZVM
JBY+QtPKO2lQHTU2fQxyf5u9t7cXNCybmHv5lUXe4XujtJ1T5MSBm06Krwnc535B
aN2q6POjSM5cD51twR0AM0rnQk+e4r5/N6Ky4Mt0ZXZL7r5QSRSbfUYGDdkrlxz6
y+AP0EoAD9vofEnzdXv8UznwPi0/HG3I+/0WqVqsYey5BvV1FEqjteWDh42mxvmp
nR4wfOy6yBN1VCzBOwWBQVMRrzMHthunOxil240CKBoujwhXbzA=
=htsO
-----END PGP SIGNATURE-----

--=-go+0q18WHXMh5uRcFL9p--





Information forwarded to bug-guix@HIDDEN:
bug#47420; Package guix. Full text available.
Added tag(s) security. Request was from Léo Le Bouter <lle-bout@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 26 Mar 2021 20:41:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 26 16:41:32 2021
Received: from localhost ([127.0.0.1]:42618 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lPtGt-0002Is-Qa
	for submit <at> debbugs.gnu.org; Fri, 26 Mar 2021 16:41:32 -0400
Received: from lists.gnu.org ([209.51.188.17]:58216)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@HIDDEN>) id 1lPtGs-0002Il-KK
 for submit <at> debbugs.gnu.org; Fri, 26 Mar 2021 16:41:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:37888)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@HIDDEN>)
 id 1lPtGs-0005en-9K
 for bug-guix@HIDDEN; Fri, 26 Mar 2021 16:41:30 -0400
Received: from mail.zaclys.net ([178.33.93.72]:54763)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@HIDDEN>)
 id 1lPtGp-0007Q7-J0
 for bug-guix@HIDDEN; Fri, 26 Mar 2021 16:41:29 -0400
Received: from guix-xps.local (82-64-145-38.subs.proxad.net [82.64.145.38])
 (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12QKfOMl009514
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <bug-guix@HIDDEN>; Fri, 26 Mar 2021 21:41:24 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12QKfOMl009514
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1616791284;
 bh=PAz5eH5dR70EQ4IYaki03UgvN47z6WiA3uzbsxJ2zCA=;
 h=Subject:From:To:Date:From;
 b=gb0s5bP74VC/U7qpWSjuWrAUxHN6/+NSAfZIQIcrLpN8NS4FwO4l0NyYLaVIwZMPJ
 JyNgSuk4iTlNVmgNNm8IH1m2Wpxy617EXEEVX/gFOFF12ThOihugGX3tZ41wIyhxAV
 9izK+XHNKApt/UPry45y17otI5GIs51oy48oW7Dc=
Message-ID: <669bea321d23f39ac5bb902dc930f4056f07ec78.camel@HIDDEN>
Subject: binutils is vulnerable to CVE-2021-20197 (and various others)
From: =?ISO-8859-1?Q?L=E9o?= Le Bouter <lle-bout@HIDDEN>
To: bug-guix@HIDDEN
Date: Fri, 26 Mar 2021 21:41:20 +0100
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-j5FKG5V+VjaTh3Lnpq4o"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@HIDDEN;
 helo=mail.zaclys.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)


--=-j5FKG5V+VjaTh3Lnpq4o
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

CVE-2021-20197	18:15
There is an open race window when writing output in the following
utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip,
ranlib. When these utilities are run as a privileged user (presumably
as part of a script updating binaries across different users), an
unprivileged user can trick these utilities into getting ownership of
arbitrary files through a symlink.

For the two versions packaged in GNU Guix we have:

$ ./pre-inst-env guix lint -c cve binutils@HIDDEN
gnu/packages/base.scm:584:2: binutils@HIDDEN: probably vulnerable to
CVE-2020-35493, CVE-2020-35494, CVE-2020-35495, CVE-2020-35496, CVE-
2020-35507

$ ./pre-inst-env guix lint -c cve binutils@HIDDEN
gnu/packages/base.scm:571:2: binutils@HIDDEN: probably vulnerable to CVE-
2020-16590, CVE-2020-16591, CVE-2020-16592, CVE-2020-16593, CVE-2020-
16599

Because they are also build tools for GNU Guix itself, we can't fix
this in grafts, a review of each and every CVE can be made to evaluate
whether we must fix it for GNU Guix's internal usage can be made, but
also we should update it and not use any vulnerable version anywhere so
we can be certain we didnt miss anything.

Can binutils be upgraded just like that? Or must it be upgraded in
tandem with GCC and friends?

Thank you,
L=C3=A9o

--=-j5FKG5V+VjaTh3Lnpq4o
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBeRvAACgkQRaix6GvN
EKZ8kRAAmAZr1kxoMaGXvAHujdj5yLe4s9U1+YqhBaUr4KI3bU0WKWZfy/+8vERb
aDx453sxQFvIRW0g9DpwsJzL9n0+oft+g9C1KYaLgp63w6lhp0cdtkGKDJdYaJyE
UulAS/F9W0OrWvp0uDeUikeBuAtniJ8lweApZn6VeMcfQ/WCIIMJ39lZ48mbKYhZ
UZXnyQGAEi4Jt+I7pEeoi+TBPeDIuN4YU4mivBiMMgrLnWZdEP1jKywBa5Lukb6G
xMlmpkMdye8m8sTbuAmfZJ2IXvjcpwE3NgU05q6n6vOvuHyLuhSJJ5uOltob9I04
HD1UeQOTGvaaDqNBFPpiM5v3abKJKv4ZjHD/MMXdUykAzAsDs93Ls7J5QF6avmu/
ysfJpJNDNSy90Kld3e6VqO4P181Q3+kIVkzyeqbHOe6Md+FVuc7wMNl/oPy92H10
zfcduy1klfSqqgPAUidL75Voti90mttPhAX7SYn7J2nwt0W2NJpbindrXhJwTX0j
hbMAJDs0Osh+6StB3BDSsLknx3SN/Frj0UGf8UlelovASAarO9CmJ6W/w/5JPRkK
Yk/Npe2iejEzj+GbRhTZH9W5UMchdyoWS5UZw0eY2ArT/g0xdtdqdteKovnla4b0
wai92AvvIuubGc7FeyA5qs788L8u4zhaPrYWiaVQQORUejGvzNM=
=jnN8
-----END PGP SIGNATURE-----

--=-j5FKG5V+VjaTh3Lnpq4o--





Acknowledgement sent to Léo Le Bouter <lle-bout@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#47420; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 26 Mar 2021 23:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.