oss-sec mailing list archives
Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise
From: Russ Allbery <eagle () eyrie org>
Date: Sat, 30 Mar 2024 09:07:14 -0700
Pierre-Elliott Bécue <peb () debian org> writes:
I honestly would like to extend my sympathy to Lasse.
This situation must clearly be a hell for him.
Someone asked what would become of xz as a project. I do hope in light of this event, some people step in to help.
Also if there's anything the community can do for Lasse personally, please pass that along. Anyone can be the victim of social engineering. The critical moments always look obvious in retrospect, but it's impossible for humans to be sufficiently paranoid to catch the signs 100% of the time and still function in society. I suspect many of us here have had nightmares about being in Lasse's position, and probably will have more of them in the future. -- Russ Allbery (eagle () eyrie org) <https://www.eyrie.org/~eagle/>
Current thread:
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Bjoern Franke (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Pierre-Elliott Bécue (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jeffrey Walton (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Mats Wichmann (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jan Engelhardt (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Pat Gunn (Mar 30)
- SV: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Markus Klyver (Mar 31)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 31)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Russ Allbery (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Mike O'Connor (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Florian Weimer (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Axel Beckert (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Salvatore Bonaccorso (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)