oss-sec mailing list archives

Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise

From: Pierre-Elliott Bécue <peb () debian org>
Date: Sat, 30 Mar 2024 14:29:06 +0100

Bjoern Franke <bjo () schafweide org> wrote on 30/03/2024 at 14:06:38+0100:

Am 30.03.24 um 04:50 schrieb Loganaden Velvindron:

Github has suspended the repo:
https://github.com/tukaani-project/xz
Im wondering what is the next step for the xz project as a whole ?


https://git.tukaani.org/?p=xz.git;a=summary exists and Lasse said on
IRC he thinks he would make a clean 5.6.2 release.

Regards


I honestly would like to extend my sympathy to Lasse.

This situation must clearly be a hell for him.

Someone asked what would become of xz as a project. I do hope in light
of this event, some people step in to help.

-- 
PEB

Attachment: signature.asc
Description:

Current thread:

Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- - - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Marc Deslauriers (Mar 29)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Marc Deslauriers (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Marcin Wolcendorf (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Marc Deslauriers (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Bo Anderson (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Bjoern Franke (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Pierre-Elliott Bécue (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jeffrey Walton (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Mats Wichmann (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jan Engelhardt (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Pat Gunn (Mar 30)
    - SV: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Markus Klyver (Mar 31)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 31)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Russ Allbery (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Mike O'Connor (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Florian Weimer (Mar 30)

(Thread continues...)