commit: d0af67d1a987d513bf8f9be04b57dc41977394be
parent 1e3c5d2e82846c9c1a7ba8218ae5b2d78390ba46
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Fri, 29 Mar 2024 18:36:57 +0100
bookmarks: oss-security - backdoor in upstream xz/liblzma
Diffstat:
1 file changed, 7 insertions(+), 0 deletions(-)
diff --git a/bookmarks.xbel b/bookmarks.xbel
@@ -126,6 +126,13 @@
<title>How a backdoor in the Linux kernel was thwarted, from RISKS</title>
<desc>"On 5 Nov 2003, an attempt to insert a very cleverly crafted backdoor into Linux was averted."</desc>
</bookmark>
+ <bookmark added="2024-03-29T18:30:39+01:00" href="https://www.openwall.com/lists/oss-security/2024/03/29/4">
+ <title>oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise</title>
+ <desc>
+ Where tukaani's xz/lzma-utils 5.6.0/5.6.1 got a backdoor added by the author in the signed tarballs.
+ Own note: And there is an example of why as package maintainers we should diff the tarballs they're vouching to users rather than rely entirely on git, although in that one it's at the end of ./configure which is nearly unreadable m4/autotools soup.
+ </desc>
+ </bookmark>
</folder>
<folder>