Memes

45655 readers

2529 users here now

Rules:

Be civil and nice.
Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago

MODERATORS

[email protected]

309

love is in the air? (lemy.lol)

submitted 7 months ago by [email protected] to c/[email protected]

45 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 22 points 7 months ago (11 children)

Arch isn't affected afaik, as it specifically targeted Debian and RPM. Also, sshd isn't linked against liblzma (or something along those lines). And I hope that's true, because otherwise, I had a backdoor on a public system for over a month.

[–] [email protected] 6 points 7 months ago (3 children)

https://archlinux.org/news/the-xz-package-has-been-backdoored/

[–] [email protected] 7 points 7 months ago (1 children)

And as https://www.openwall.com/lists/oss-security/2024/03/29/4 says:

"These conditions include targeting only x86-64 linux: [...] Building with gcc and the gnu linker [...] Running as part of a debian or RPM package build:"

I'm not an expert of course.

[–] [email protected] 2 points 7 months ago

Holy shit that was a hell of a dive. And no wonder the dude got it working, he was just pounding those "test and translation" commits

load more comments (1 replies)

load more comments (8 replies)