Re: xz backdoor

To: debian-devel@lists.debian.org
Subject: Re: xz backdoor
From: Russ Allbery <rra@debian.org>
Date: Fri, 29 Mar 2024 13:26:39 -0700
Message-id: <[🔎] 87a5mgkcn4.fsf@hope.eyrie.org>
In-reply-to: <[🔎] ZgcgCR8uDPIXVJS_@akarlsso-mac.trudheim.com> (sirius@trudheim.com's message of "Fri, 29 Mar 2024 21:09:45 +0100")
References: <[🔎] ZgcgCR8uDPIXVJS_@akarlsso-mac.trudheim.com>

Sirius <sirius@trudheim.com> writes:

> This is quite actively discussed on Fedora lists.
> https://www.openwall.com/lists/oss-security/2024/
> https://www.openwall.com/lists/oss-security/2024/03/29/4

> Worth taking a look if action need to be taken on Debian.

The version of xz-utils was reverted to 5.4.5 in unstable yesterday by the
security team and migrated to testing today.  Anyone running an unstable
or testing system should urgently upgrade.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: xz backdoor
  - From: Russ Allbery <rra@debian.org>

References:
- xz backdoor
  - From: Sirius <sirius@trudheim.com>

Prev by Date: Re: xz backdoor
Next by Date: Re: xz backdoor
Previous by thread: Re: xz backdoor
Next by thread: Re: xz backdoor
Index(es):
- Date
- Thread