oss-sec mailing list archives

Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise


From: Russ Allbery <eagle () eyrie org>
Date: Sat, 30 Mar 2024 09:07:14 -0700

Pierre-Elliott Bécue <peb () debian org> writes:

> I honestly would like to extend my sympathy to Lasse.
>
> This situation must clearly be a hell for him.
>
> Someone asked what would become of xz as a project. I do hope in light
> of this event, some people step in to help.

Also if there's anything the community can do for Lasse personally, please
pass that along.  Anyone can be the victim of social engineering.  The
critical moments always look obvious in retrospect, but it's impossible
for humans to be sufficiently paranoid to catch the signs 100% of the time
and still function in society.

I suspect many of us here have had nightmares about being in Lasse's
position, and probably will have more of them in the future.

-- 
Russ Allbery (eagle () eyrie org)             <https://www.eyrie.org/~eagle/>

