List: macports-users
Subject: Re: XZ Utils Compromised Releases
From: Rainer_Müller <raimue () macports ! org>
Date: 2024-03-29 18:23:17
Message-ID: b1cff157-c1b6-4f61-9ffc-9bb0e8c4f61e () macports ! org
On 29/03/2024 18.52, Blair Zajac wrote:
> In https://www.openwall.com/lists/oss-security/2024/03/29/4 it says
>
> == Bug reports ==
>
> Given the apparent upstream involvement I have not reported an upstream
> bug….
>
>
> I suggest not waiting for an upstream release and instead revert our
> commit and add an epoch line.

You are right. That is the best way as we cannot be sure what else just
has not been discovered in the backdoor-ed releases.

Joshua already pushed the downgrade to xz @5.4.6 with the epoch bumped.
Thank you!

https://trac.macports.org/ticket/69619
https://github.com/macports/macports-ports/commit/a1388aee09c9e921e3a9d47cf9d37e5d3f3c10ad

Rainer