On 24/03/29, Richard Guy Briggs via sigs-l3go wrote: > On 24/03/29, Alex Pilon via sigs-l3go wrote: > > In case you didn't see the news a few hours ago ON A GOOD FRIDAY THANKS > > A LOT. > > > > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > https://lwn.net/Articles/967180/ > > https://boehs.org/node/everything-i-know-about-the-xz-backdoor > > https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 > > https://security.archlinux.org/CVE-2024-3094 (has links to all the other distros) > > https://hachyderm.io/@joeyh/112180715824680521 > > https://news.ycombinator.com/item?id=39865810 > > > > @bcrl, it was a Postgres developer who found out the bug while trying to > > quiesce a system. > > Thanks Alex. I'd seen this earlier today and thankfully so far, all > debian stable are not vulnerable, neither is fedora 40 beta or > earlier. No RHEL is vulnerable. Nasty indeed. https://lore.kernel.org/lkml/202403291221.124220E0F4@keescook/ > > Good night. > > slainte mhath, RGB slainte mhath, RGB -- Richard Guy Briggs -- ~\ -- ~\ <hpv.tricolour.ca> <www.TriColour.ca> -- \___ o \@ @ Ride yer bike! Ottawa, ON, CANADA -- Lo_>__M__\\/\%__\\/\% Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________ -- Manage your subscription: https://lists.linux-ottawa.org/sigs-l3go/listinfo.html