On 24/03/29, Alex Pilon via sigs-l3go wrote: > In case you didn't see the news a few hours ago ON A GOOD FRIDAY THANKS > A LOT. > > https://www.openwall.com/lists/oss-security/2024/03/29/4 > https://lwn.net/Articles/967180/ > https://boehs.org/node/everything-i-know-about-the-xz-backdoor > https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 > https://security.archlinux.org/CVE-2024-3094 (has links to all the other distros) > https://hachyderm.io/@joeyh/112180715824680521 > https://news.ycombinator.com/item?id=39865810 > > @bcrl, it was a Postgres developer who found out the bug while trying to > quiesce a system. Thanks Alex. I'd seen this earlier today and thankfully so far, all debian stable are not vulnerable, neither is fedora 40 beta or earlier. No RHEL is vulnerable. Nasty indeed. > Good night. slainte mhath, RGB -- Richard Guy Briggs -- ~\ -- ~\ <hpv.tricolour.ca> <www.TriColour.ca> -- \___ o \@ @ Ride yer bike! Ottawa, ON, CANADA -- Lo_>__M__\\/\%__\\/\% Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________ -- Manage your subscription: https://lists.linux-ottawa.org/sigs-l3go/listinfo.html