This is big: one of the xz-utils / liblzma *upstream maintainers* added malicious code to the last couple of releases. This is the person who actually publishes and signs the tarballs. If you are using liblzma 5.6.0 or 5.6.1 make sure to update your packages asap and consider reinstalling the OS or recreating the container.
Notices by Berto Garcia (berto@floss.social)
-
Embed this notice
Berto Garcia (berto@floss.social)'s status on Saturday, 30-Mar-2024 03:10:54 JST Berto Garcia -
Embed this notice
Berto Garcia (berto@floss.social)'s status on Saturday, 09-Dec-2023 03:26:35 JST Berto Garcia If you ever wanted to try SerenityOS or the Ladybird browser but never had the time to build it from source, you can check out today's VM image from the QEMU advent calendar