• Re: Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh

    From Roberto C. Sánchez@21:1/5 to Jeffrey Walton on Fri Mar 29 19:10:01 2024
    On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
    > Seems relevant since Debian adopted xz about 10 years ago.

    Also note that this has been addressed in Debian: https://lists.debian.org/debian-security-announce/2024/msg00057.html

    Provided here for the benefit of those who are not subscribed to debian-security-announce.

    Regards,

    -Roberto

    --
    Roberto C. Sánchez

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Smith@21:1/5 to Jeffrey Walton on Fri Mar 29 21:00:01 2024
    Hello,

    On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
    > Seems relevant since Debian adopted xz about 10 years ago.

    Though we do not know how or why this developer has come to recently
    put apparent exploits in it, so we can't yet draw much of a
    conclusion beyond "sometimes people do bad stuff to good software".

    Sounds like it'll be an interesting story though. It's going to
    drive a lot of conspiracy theories.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting
