Re: xz backdoor

To: debian-devel@lists.debian.org
Subject: Re: xz backdoor
From: Christoph Anton Mitterer <calestyo@scientia.org>
Date: Sat, 06 Apr 2024 23:39:01 +0200
Message-id: <[🔎] 2f6dd59dd87a7126ebaab4bb450069593d3a5e73.camel@scientia.org>
In-reply-to: <[🔎] fb410cdb381d6e048ef2f522fd9c6f80d3a0bfff.camel@scientia.org>
References: <[🔎] ZhBHQ4LVnQWp3Cre@acer.trudheim.com> <[🔎] fb410cdb381d6e048ef2f522fd9c6f80d3a0bfff.camel@scientia.org>

Hey.

Seems some of the reverse engineers may have found some more
interesting stuff[0].


As far as I understand it, that would still require a running an
reachable sshd (so we'd still be mostly safe).

But he also thinks[1] that it may allow an interactive session.
(Not that this would change a lot, if the adversary can use system().)


Still, shows that there may be more hidden stuff, and we may not be out
of the woods yet.


Cheers,
Chris.

[0] https://twitter.com/bl4sty/status/1776691497506623562
[1] https://twitter.com/bl4sty/status/1776692874232434932

Reply to:

References:
- Re: xz backdoor
  - From: Sirius <sirius@trudheim.com>
- Re: xz backdoor
  - From: Christoph Anton Mitterer <calestyo@scientia.org>

Prev by Date: Re: xz backdoor
Next by Date: Bug#1068518: ITP: kf6-ksvg -- Library for rendering SVG-based themes with stylesheet re-coloring and on-disk caching
Previous by thread: Re: xz backdoor
Next by thread: Re: xz backdoor
Index(es):
- Date
- Thread