[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gcc
Subject:    Security warning about xz library compromise
From:       Mark Wielaard <mark () klomp ! org>
Date:       2024-03-29 20:39:09
Message-ID: 20240329203909.GS9427 () gnu ! wildebeest ! org
[Download RAW message or body]

Sourceware hosts are not affected by the latest xz backdoor.

But we have reset the https://builder.sourceware.org containers of
debian-testing, fedora-rawhide and opensuse-tumbleweed. These
containers however didn't have ssh installed, were running on isolated
VMs on separate machines from our main hosts, snapshots and backup
servers.

If you are running one of these distros on your development machines
then please consult your distro security announcements:

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://lists.debian.org/debian-security-announce/2024/msg00057.html
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://news.opensuse.org/2024/03/29/xz-backdoor/
[prev in list] [next in list] [prev in thread] [next in thread]