news: Announce potential security issue in glibc package.

* etc/news.scm: Add entry. Change-Id: Iea4883d83cae7dee937d46d534cfa8dad17b1028
author: John Kehayias <john@guixotic.coop> 2026-02-20 01:16:13 -0500
committer: John Kehayias <john@guixotic.coop> 2026-02-20 01:16:13 -0500
commit: 4d1291eaaabc6ff440fa1e76e0c9160fd8a3c21a (patch)
tree: 0d77281cec98d55e5f4b3e699428842d84175cf2 /etc
parent: d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/news.scm b/etc/news.scm
index b7f9c059cd1..008751d2961 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -42,6 +42,16 @@
 (channel-news
  (version 0)
 
+ (entry (commit "d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b")
+        (title
+         (en "Potential security vulnerability in glibc"))
+        (body
+         (en "Guix adds the environment variable @code{GUIX_LOCPATH} to glibc,
+however it was not added to potentially unsafe variables to be unset in
+privileged environments.  A CVE number is pending for this issue.  This has
+been fixed with a graft to glibc and users should update all profiles,
+reconfigure their system, and reboot.")))
+
  (entry (commit "6d4cb99a15da7f4fd55f956c55f4f4aacfcc7742")
         (title
          (en "@code{%desktop-services} now includes GDM on AArch64")
author	John Kehayias <john@guixotic.coop>	2026-02-20 01:16:13 -0500
committer	John Kehayias <john@guixotic.coop>	2026-02-20 01:16:13 -0500
commit	4d1291eaaabc6ff440fa1e76e0c9160fd8a3c21a (patch)
tree	0d77281cec98d55e5f4b3e699428842d84175cf2 /etc
parent	d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b (diff)