Bug#1068107: cloud.debian.org: pull images with compromised xz packages
Package: cloud.debian.org
Severity: important
X-Debbugs-Cc: rvandegrift@debian.org
Hi team,
We should probably pull the daily sid and trixie images built with the
compromised xz-utils. Looking at the json manifests, this would be:
sid: all images since 2024-02-27
trixie: 2024-03-05 through 2024-03-28, inclusive
I determined these dates by looking at the azure amd64 manifest, since it's
first in the dir listing. I haven't looked into why the sid builds still say
they include liblzma5 5.6.0-0.2.
Finally, apologies for not being able to do this myself - I still do not have
my account setup for access to core machines.
Ross
Reply to: