Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
floss.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
For people who care about, support, and build Free, Libre, and Open Source Software (FLOSS).

Administered by:

Server stats:

681
active users

floss.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Public
Berto Garcia

This is big: one of the xz-utils / liblzma *upstream maintainers* added malicious code to the last couple of releases. This is the person who actually publishes and signs the tarballs. If you are using liblzma 5.6.0 or 5.6.1 make sure to update your packages asap and consider reinstalling the OS or recreating the container.

openwall.com/lists/oss-securit

www.openwall.comoss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
Public
LogicalErzor

@berto This person seems to have committed to various other repositories, such as the Linux kernel. Do you know if there is a audit on that code as well?

Berto Garcia

@Logical_Error I don't think I have seen code in the kernel, just mentions to their name in the maintainers file

Mar 29, 2024, 10:23 PM·Public·Twidere for Android
0boosts·1favorite
Explore
About