More about this is now published on the Fedora Magazine as well in this statement: https://fedoramagazine.org/cve-2024-3094-security-alert-f40-rawhide/
Thank you to all of our Fedora first responders who stopped something that could have been much worse. We should feel proud here. As far as Fedora and our ecosystem is concerned, the exploit failed. https://floss.social/@jwildeb...@social.wildeboer.net/112181976426765177 On Fri, Mar 29, 2024 at 2:01 PM Kevin Kofler via devel < devel@lists.fedoraproject.org> wrote: > Hi, > > wow: https://www.openwall.com/lists/oss-security/2024/ > > I think at this point we clearly cannot trust xz upstream anymore and > should > probably fork the project. > > Kevin Kofler > -- > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- *JWF* (*he/him*) || 📧 j...@redhat.com TZ=America/New_York (UTC-4) 🕗 *Fedora is a registered Digital Public Good <https://app.digitalpublicgoods.net/a/10035>* While I may be sending this email outside my normal office hours, I have no expectation to receive a reply outside yours.
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue