Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87cyrbzw2z.fsf@daath.pimeys.fr>
Date: Sat, 30 Mar 2024 14:29:06 +0100
From: Pierre-Elliott Bécue <peb@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: backdoor in upstream xz/liblzma leading to
 ssh server compromise

Bjoern Franke <bjo@...afweide.org> wrote on 30/03/2024 at 14:06:38+0100:

> Am 30.03.24 um 04:50 schrieb Loganaden Velvindron:
>> Github has suspended the repo:
>> https://github.com/tukaani-project/xz
>> Im wondering what is the next step for the xz project as a whole ?
>> 
>
> https://git.tukaani.org/?p=xz.git;a=summary exists and Lasse said on
> IRC he thinks he would make a clean 5.6.2 release.
>
> Regards

I honestly would like to extend my sympathy to Lasse.

This situation must clearly be a hell for him.

Someone asked what would become of xz as a project. I do hope in light
of this event, some people step in to help.

-- 
PEB

Download attachment "signature.asc" of type "application/pgp-signature" (854 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.