Nixpkgs security tracker
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Race condition exists in the key generation and rotation functionality
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
References
-
-
-
-
-
https://www.openwall.com/lists/oss-security/2023/06/15/1 x_transferred
-
-
-
-
-
-
-
-
-
https://www.openwall.com/lists/oss-security/2023/06/15/1 x_transferred
-
-
-
-
-
https://www.openwall.com/lists/oss-security/2023/06/15/1 x_transferred
-
-
-
-
-
https://www.openwall.com/lists/oss-security/2023/06/15/1 x_transferred
Affected products
Matching in nixpkgs
pkgs.tang
Server for binding data to network presence
pkgs.tango
Local command-line Japanese dictionary tool using yomichan's dictionary files
pkgs.tangram
Run web apps on your desktop
pkgs.entangle
Tethered camera control and capture
pkgs.md-tangle
Generates ("tangles") source code from Markdown documents
pkgs.rectangle
Move and resize windows in macOS using keyboard shortcuts or snap areas
pkgs.tangerine
System for creating 3D models procedurally from a set of Signed Distance Function (SDF) primitive shapes and combining operators
-
nixos-unstable 2024-04-05
- nixpkgs-unstable 2024-04-05
- nixos-unstable-small 2024-04-05
pkgs.rectangle-pro
Move and resize windows in macOS using keyboard shortcuts or snap areas
pkgs.haskellPackages.tangle
Heterogenous memoisation monad
pkgs.gnomeExtensions.rectangle
Magnet/Rectangle like manual tiling
pkgs.python311Packages.untangle
Convert XML documents into Python objects
pkgs.python312Packages.untangle
Convert XML documents into Python objects
pkgs.emacsPackages.mustang-theme
None
-
nixos-unstable 20170719.946
- nixpkgs-unstable 20170719.946
- nixos-unstable-small 20170719.946
pkgs.emacsPackages.phi-rectangle
None
-
nixos-unstable 20200911.204
- nixpkgs-unstable 20200911.204
- nixos-unstable-small 20200911.204
pkgs.emacsPackages.tango-2-theme
None
-
nixos-unstable 2-theme-20120312.2025
- nixpkgs-unstable 2-theme-20120312.2025
- nixos-unstable-small 2-theme-20120312.2025
pkgs.emacsPackages.org-tanglesync
None
-
nixos-unstable 20200127.1616
- nixpkgs-unstable 20200127.1616
- nixos-unstable-small 20200127.1616
pkgs.emacsPackages.tangonov-theme
None
-
nixos-unstable 20230425.1456
- nixpkgs-unstable 20230425.1456
- nixos-unstable-small 20230425.1456
pkgs.emacsPackages.org-auto-tangle
None
-
nixos-unstable 20220812.2327
- nixpkgs-unstable 20220812.2327
- nixos-unstable-small 20220812.2327
pkgs.emacsPackages.rectangle-utils
None
-
nixos-unstable 20240830.306
- nixpkgs-unstable 20240830.306
- nixos-unstable-small 20240830.306
pkgs.emacsPackages.tango-plus-theme
None
-
nixos-unstable 20240703.1443
- nixpkgs-unstable 20240703.1443
- nixos-unstable-small 20240703.1443
pkgs.emacsPackages.tangotango-theme
None
-
nixos-unstable 20220714.2034
- nixpkgs-unstable 20220714.2034
- nixos-unstable-small 20220714.2034
pkgs.vscode-extensions.matangover.mypy
None
pkgs.emacsPackages.color-theme-tangotango
None
Package maintainers
-
@ShamrockLee Yueh-Shun Li <shamrocklee@posteo.net>
-
@honnip Jung seungwoo <me@honnip.page>
-
@AndersonTorres Anderson Torres <torres.anderson.85@protonmail.com>
-
@arnoldfarkas Arnold Farkas <arnold.farkas@gmail.com>
-
@Intuinewin Antoine Labarussias <antoinelabarussias@gmail.com>
-
@wegank Weijia Wang <contact@weijia.wang>
-
@emilytrau Emily Trau <emily+nix@downunderctf.com>
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@viraptor Stanisław Pitucha <nix@viraptor.info>
-
@donovanglover Donovan Glover
-
@chuangzhu Chuang Zhu <nixos@chuang.cz>
-
@austinbutler Austin Butler <austinabutler@gmail.com>