Re: Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

To: debian-user@lists.debian.org
Subject: Re: Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
From: Andy Smith <andy@strugglers.net>
Date: Fri, 29 Mar 2024 19:55:39 +0000
Message-id: <[🔎] Zgccu861HNi6ITp5@mail.bitfolk.com>
In-reply-to: <[🔎] CAH8yC8mRnj4QNAWscGRcm=yGhEjSspUbBmPGbBOmOZsDY2zNXQ@mail.gmail.com>
References: <20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de> <[🔎] CAH8yC8mRnj4QNAWscGRcm=yGhEjSspUbBmPGbBOmOZsDY2zNXQ@mail.gmail.com>

Hello,

On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
> Seems relevant since Debian adopted xz about 10 years ago.

Though we do not know how or why this developer has come to recently
put apparent exploits in it, so we can't yet draw much of a
conclusion beyond "sometimes people do bad stuff to good software".

Sounds like it'll be an interesting story though. It's going to
drive a lot of conspiracy theories.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
  - From: Jeffrey Walton <noloader@gmail.com>

Prev by Date: Re: Could Gnome's "install pending software updates" cause installation scripts to misbehave?
Next by Date: Re: making Debian secure by default
Previous by thread: Re: Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
Next by thread: Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
Index(es):
- Date
- Thread