Chimera Linux (chimera_linux@floss.social)'s status on Saturday, 30-Mar-2024 02:29:52 JST
@rnd they are not affected either, just for not as many reasons (they use musl so they are not affected)
Chimera Linux (chimera_linux@floss.social)'s status on Saturday, 30-Mar-2024 08:13:14 JST
@alpinelinux @rnd that does not look right; before the commit made 4 hours ago, you were using the same affected tarballs: https://gitlab.alpinelinux.org/alpine/aports/-/commit/982d2c6bcbbb579e85bb27c40be84072ca0b1fd9
the switch has introduced another problem and that's a build-time depcycle (xz->gettext->libxml2->xz) - which is the primary reason we have not switched (pregenerated autotools files solve that)
that said, there is no difference otherwise, since the malicious condition does *not* trigger even with the upstream release tarball
Alpine Linux :alpine: (alpinelinux@fosstodon.org)'s status on Saturday, 30-Mar-2024 08:13:15 JST
@chimera_linux @rnd Yes, we're indeed not affected. Even the sources we used were not affected.