GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    🆘Bill Cole 🇺🇦 (grumpybozo@toad.social)'s status on Sunday, 31-Mar-2024 06:58:56 JST 🆘Bill Cole 🇺🇦 🆘Bill Cole 🇺🇦

    For anyone who has missed it: One of the maintainers of xz/liblzma (& libarchive?) has apparently been backdooring it for a couple of years. [REDACTED: FACTUAL ERROR] So once again I luck out with my oblivious computing choices, as much of what I work with is BSD-based

    EDIT: I misread the initial analysis. It is NOT Debian-specific. It is Linux+GCC-specific

    #InfoSec #xzutils #XZBackdoor https://chaos.social/@ck/112180976619489222

    In conversation about 10 months ago from toad.social permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      ck (@ck@chaos.social)
      from ck
      @corbet@social.kernel.org Not necessarily, though a maintainer would certainly be a good idea. Apparently, the author of the backdoor lobbied aggressively with the Fedora maintainers and managed to sneak it by them: https://news.ycombinator.com/item?id=39865810#39866275

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.