‘guix substitute‘ and ‘guix pull‘ Vulnerabilities
Summary
GNU Guix reports multiple vulnerabilities in guix substitute and guix pull/time-machine with CVEs pending. The advisories describe remote and local exploitation risks, upgrade and mitigation steps (including --no-substitutes), and a test script to check vulnerable status, along with a timeline of discovery and fixes.