Ancestors

Toot

Written by Luka Rubinjoni on 2024-03-29 at 23:31

Manjaro is still shipping the 5.6.1-2 version of the xz package. #xz #liblzma #cve20243094 #manjaro @manjarolinux

EDIT: probably a false alarm on my side, but check your version and available update - 5.6.1-2 should be "good"

https://archlinux.org/news/the-xz-package-has-been-backdoored/

=> More informations about this toot | More toots from rubinjoni@mastodon.social

Descendants

Written by Schreini on 2024-03-29 at 23:55

@rubinjoni @manjarolinux

"The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor."

source: https://archlinux.org/news/the-xz-package-has-been-backdoored/

code: https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/commit/881385757abdc39d3cfea1c3e34ec09f637424ad

=> More informations about this toot | More toots from Cs137@chaos.social

Written by Schreini on 2024-03-30 at 00:02

@rubinjoni @manjarolinux have a look at the corresponding issue for details: https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/issues/2

=> More informations about this toot | More toots from Cs137@chaos.social

Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/112181582546695358
Status Code
Success (20)
Meta
text/gemini
Capsule Response Time
264.794968 milliseconds
Gemini-to-HTML Time
0.525035 milliseconds

This content has been proxied by September (ba2dc).