[Buildroot] [PATCH v1 1/4] package/xz: bump version to 5.6.0
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Mar 31 07:26:00 UTC 2024
Hello,
On Fri, 29 Mar 2024 20:54:07 +0100
"Yann E. MORIN" <yann.morin.1998 at free.fr> wrote:
> On 2024-03-29 11:21 -0600, James Hilliard spake thusly:
> [--SNIP--]
> > -XZ_VERSION = 5.4.6
> > +XZ_VERSION = 5.6.0
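Review bot: the `+XZ_VERSION = 5.6.0` line moves the package onto the xz release that the oss-security report linked in this thread concerns, and xz 5.6.0 is one of the releases affected by that backdoor, so this bump should not be applied. Keep `XZ_VERSION = 5.4.6`. Only the version line is visible in this quote because the rest of the patch is snipped.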
> > Is this version backdoored?
> > https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> Wahoo. Just, wahoo... thanks for pointing this out, I've marked the
> series rejected.
>
> I've been reading on this story, and it is just, well, I don't have
> words. I'm stomached.
The story is indeed crazy. For once, the fact that we are somewhat slow
at merging patches ensured this didn't get applied before the backdoor
was discovered :-)
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com