h***@tuta.io
2024-03-30 01:15:53 UTC
Hi everyone,
I recently read through this: https://www.openwall.com/lists/oss-security/2024/03/29/4
It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD is or not, but it looks like 14-stable and main have xz 5.6.0. In my opinion, earlier versions may also be suspect given that this may have been a deliberate backdoor from a maintainer.
I propose that we go back to a "known safe" version. It would probably be unwise to push 14.1 as-is, as well.
The GitHub repository has currently been locked out.
Hoping that someone more aware of what's going on can offer more insight.
Thanks!
-Henrich
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de