From c9960ad67c7644225343e913d5fea620d97bb293 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sat, 3 Apr 2021 22:13:28 +0200 Subject: news: Recommend upgrade for account activation vulnerability. * etc/news.scm: Recommend upgrade. --- etc/news.scm | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index 9b23c7ca0f..adb81dd64b 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -31,6 +31,13 @@ System---Guix on other distros is unaffected. The system is only vulnerable during the activation of user accounts that do not already exist. +This bug is fixed and Guix System users are advised to upgrade their system, +with a command along the lines of: + +@example +guix system reconfigure /run/current-system/configuration.scm +@end example + The attack can happen when @command{guix system reconfigure} is running. Running @command{guix system reconfigure} can trigger the creation of new user accounts if the configuration specifies new accounts. If a user whose account -- cgit v1.2.3
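Review bot: In the paragraph added to etc/news.scm, the recommended command is `guix system reconfigure`, while the unchanged sentence directly after it states that the attack can happen when `guix system reconfigure` is running. Read in sequence, the entry tells users to run the operation it then describes as the exposure window. Suggest adding a sentence that says why this invocation is safe, for example that reconfiguring from /run/current-system/configuration.scm reuses the current configuration and so declares no new accounts, if that is the intent. In addition, "This bug is fixed" gives no pointer to the fix and does not say whether Guix itself has to be updated before reconfiguring. Stating that prerequisite would make the advice actionable.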