ISC, GitHub, and CVE-2025-30066

Ondřej Surý ondrej at isc.org
Thu Mar 20 16:42:57 UTC 2025


> On 20. 3. 2025, at 23:12, John Thurston <john.thurston at alaska.gov> wrote:
> 
> And since I know that ISC has projects at GitHub, and I suspect that ISC projects would be a big, fat, juicy target for code injection, I feel like I gotta ask . . Is ISC willing to weigh in and say if their projects may have been affected, or if credentials for their projects may have been exposed?

We don't use GitHub as a primary platform and we push only public branches to GitHub as read-only mirrors.

I do run some extra checks on GitHub (like CodeQL and SonarCloud because of the integrations), but this was the first time I've ever heard about tj-actions in my life.

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

