ISC, GitHub, and CVE-2025-30066
John Thurston
john.thurston at alaska.gov
Thu Mar 20 16:54:31 UTC 2025
Thank you for the clear and concise explanation.
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
On 3/20/2025 8:42 AM, Ondřej Surý wrote:
>> On 20. 3. 2025, at 23:12, John Thurston <john.thurston at alaska.gov> wrote:
>>
>> And since I know that ISC has projects at GitHub, and I suspect that ISC projects would be a big, fat, juicy target for code injection, I feel like I gotta ask . . Is ISC willing to weigh in and say if their projects may have been affected, or if credentials for their projects may have been exposed?
> We don't use GitHub as primary platform and we push only public branches to GitHub as read-only mirrors.
>
> I do run some extra checks on GitHub (like CodeQL and SonarCloud because of the integrations), but this was the first time I've ever heard about tj-actions in my life.
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org