Re: Backdoor in upstream xz-utils

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Backdoor in upstream xz-utils

From:	Ricardo Wurmus
Subject:	Re: Backdoor in upstream xz-utils
Date:	Sat, 30 Mar 2024 22:02:27 +0100
User-agent:	mu4e 1.10.8; emacs 29.1

Tomas Volf <~@wolfsden.cz> writes:

> On 2024-03-29 13:39:59 -0700, Felix Lechner via Development of GNU Guix and 
> the GNU System distribution. wrote:
>> > Is there a way we can blacklist known bad versions?
>>
>> Having said all that, I am not sure Guix is affected.
>>
>> On my systems, the 'detect.sh' script shows no referece to liblzma in
>> sshd.  Everyone, please send additional reports.
>
> If nothing else, our xz is at 5.2.8.  I think the question was if there is a 
> way
> to blacklist specific known tarball to ensure no-one updates to it by 
> accident.

The properties field on a package definition can be used to record
arbitrary information, which could be read by `guix lint`.

-- 
Ricardo

[Prev in Thread]

Current Thread

[Next in Thread]

Backdoor in upstream xz-utils, Ryan Prior, 2024/03/29
- Re: Backdoor in upstream xz-utils, Felix Lechner, 2024/03/29
  - Re: Backdoor in upstream xz-utils, Tomas Volf, 2024/03/29
    - Re: Backdoor in upstream xz-utils, Ricardo Wurmus <=
- Re: Backdoor in upstream xz-utils, John Kehayias, 2024/03/29
  - Re: Backdoor in upstream xz-utils, Rostislav Svoboda, 2024/03/31

Prev by Date: Re: Emacs and Gnome branches are merged now
Next by Date: Recent security issues (guix-daemon and xz)
Previous by thread: Re: Backdoor in upstream xz-utils
Next by thread: Re: Backdoor in upstream xz-utils
Index(es):
- Date
- Thread