Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240329215329.mgpj6hjbk4hdxcwr@awork3.anarazel.de>
Date: Fri, 29 Mar 2024 14:53:29 -0700
From: Andres Freund <andres@...razel.de>
To: oss-security@...ts.openwall.com
Subject: Re: backdoor in upstream xz/liblzma leading to ssh
 server compromise

Hi,

On 2024-03-29 22:10:52 +0100, Solar Designer wrote:
> On Fri, Mar 29, 2024 at 07:55:48PM -0000, Tavis Ormandy wrote:
> > Thanks Andres, amazing work!
>
> Certainly, thank you very much Andres!  Many others have helped in
> various ways as well, all of this is appreciated.
> ...
> 4. More findings were still being made and the wording of Andres'
> posting improved per private feedback.

Indeed! I should really have called this out more explicitly. I'll blame
nervousness and having had only a single coffee.  Thanks a lot to all that
helped!

And sorry all for releasing this just before what for many is a holiday
weekend.

Greetings,

Andres Freund

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.