guix-devel
Backdoor in upstream xz-utils
From: Ryan Prior
Subject: Backdoor in upstream xz-utils
Date: Fri, 29 Mar 2024 17:51:59 +0000
I'm reading today that a backdoor is present in xz's upstream tarball (but not in git), starting at version 5.6.0. Source:
https://www.openwall.com/lists/oss-security/2024/03/29/4
Guix currently packages xz-utils 5.2.8 as "xz" using the upstream tarball. Is there a way we can blacklist known bad versions? Should we switch from using upstream tarballs to some fork with more responsible maintainers?
Ryan