Re: [Hampshire] Security compromise in liblzma/OpenSSH daemon

2024-04-03 Thread Brad Rogers via Hampshire
Further musings on this (not by me, but by Joey Hess - much better qualified than I'll ever be to comment;
https://joeyh.name/blog/entry/reflections_on_distrusting_xz/
-- Regards _ "Valid sig separator is {dash}{dash}{space}" / ) "The blindingly obvious is never immediately

Re: [Hampshire] Security compromise in liblzma/OpenSSH daemon

2024-04-01 Thread Brad Rogers via Hampshire
On Mon, 1 Apr 2024 14:21:02 +0100 James Dutton via Hampshire wrote:

Hello James,

>Maybe someone needs to write a tool that scans all .deb and .rpm
>install bash scripts, and highlights any non-trivial ones.

There's discussion of the issue on the Debian Developers ML. I read it, but don't post;

Re: [Hampshire] Security compromise in liblzma/OpenSSH daemon

2024-04-01 Thread James Dutton via Hampshire
On Sat, 30 Mar 2024 at 08:43, Nick Chalk via Hampshire wrote:
>
> In case anyone hasn't seen this...
>
> A security compromise has been discovered in
> liblzma, part of the XZ compression utilities.
> This can affect OpenSSH's sshd, due to integration
> with systemd.
>

I guess this is a reminder

[Hampshire] Security compromise in liblzma/OpenSSH daemon

2024-03-30 Thread Nick Chalk via Hampshire
In case anyone hasn't seen this...

A security compromise has been discovered in liblzma, part of the XZ compression utilities. This can affect OpenSSH's sshd, due to integration with systemd.

Article: https://lwn.net/Articles/967180/
Mailing list thread: https://lwn.net/ml/oss-security/20