oss-sec mailing list archives

Re: backdoor in upstream xz/liblzma leading to ssh server compromise

From: Andres Freund <andres () anarazel de>
Date: Fri, 29 Mar 2024 14:53:29 -0700

Hi,

On 2024-03-29 22:10:52 +0100, Solar Designer wrote:

On Fri, Mar 29, 2024 at 07:55:48PM -0000, Tavis Ormandy wrote:

Thanks Andres, amazing work!


Certainly, thank you very much Andres!  Many others have helped in
various ways as well, all of this is appreciated.
...
4. More findings were still being made and the wording of Andres'
posting improved per private feedback.


Indeed! I should really have called this out more explicitly. I'll blame
nervousness and having had only a single coffee.  Thanks a lot to all that
helped!

And sorry all for releasing this just before what for many is a holiday
weekend.

Greetings,

Andres Freund

Current thread:

Re: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- - - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Demi Marie Obenour (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Michael Tokarev (Mar 31)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Matthias Weckbecker (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 29)
  - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 29)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 29)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Liguori, Anthony (Mar 29)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Marc Deslauriers (Mar 29)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Russ Allbery (Mar 29)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Marc Deslauriers (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 29)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Marc Deslauriers (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 30)

(Thread continues...)