Accepted python-cliff 4.6.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 16:05:48 +0200 Source: python-cliff Architecture: source Version: 4.6.0-2 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack Changed-By: Thomas Goirand Changes: python-cliff (4.6.0-2) unstable;

Accepted python-castellan 5.0.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 16:05:08 +0200 Source: python-castellan Architecture: source Version: 5.0.0-2 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack Changed-By: Thomas Goirand Changes: python-castellan (5.0.0-2)

Accepted lollypop 1.4.38-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 16:03:26 +0200 Source: lollypop Architecture: source Version: 1.4.38-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team Changed-By: Andreas Rönnquist Changes: lollypop (1.4.38-1) unstable;

Accepted libxmlb 0.3.16-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 09:10:32 -0500 Source: libxmlb Built-For-Profiles: noudeb Architecture: source Version: 0.3.16-1 Distribution: unstable Urgency: medium Maintainer: Debian EFI team Changed-By: Mario Limonciello Changes: libxmlb

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Wed, 03 Apr 2024 14:10:37 +0100, "Jonathan Dowland" wrote: >On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote: >> Please don't drop the mechanism that saved my¹ unstable installations >> from being vulnerable to the current xz-based attack. Just having to >> dump an ALL: ALL into

Accepted gcc-11 11.4.0-8 (source) into unstable

; urgency=medium . * Update to git 20240403 from the gcc-11 branch. - Fix PR tree-optimization/111407, PR sanitizer/97696, PR target/108743 (Darwin), PR target/101737 (SH), PR target/114098 (x86), PR target/110411 (PPC), PR target/108120 (ARM), PR target/111677 (AArch64), PR

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote: > Please don't drop the mechanism that saved my¹ unstable installations > from being vulnerable to the current xz-based attack. Just having to > dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to > maintain a packet filter.

Accepted qemu 1:9.0.0~rc2+ds-1 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 15:43:26 +0300 Source: qemu Architecture: source Version: 1:9.0.0~rc2+ds-1 Distribution: experimental Urgency: medium Maintainer: Debian QEMU Team Changed-By: Michael Tokarev Changes: qemu (1:9.0.0~rc2+ds-1)

Accepted nauty 2.8.8+ds-5 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 08:48:37 -0400 Source: nauty Built-For-Profiles: noudeb Architecture: source Version: 2.8.8+ds-5 Distribution: unstable Urgency: medium Maintainer: Debian Math Team Changed-By: Doug Torrance Changes: nauty

Accepted package-lint-el 0.23-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 17:14:25 +0500 Source: package-lint-el Architecture: source Version: 0.23-1 Distribution: unstable Urgency: medium Maintainer: Debian Emacsen team Changed-By: Lev Lamberov Changes: package-lint-el (0.23-1)

Accepted gcc-12 12.3.0-17 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 14:21:48 +0200 Source: gcc-12 Architecture: source Version: 12.3.0-17 Distribution: unstable Urgency: medium Maintainer: Debian GCC Maintainers Changed-By: Matthias Klose Changes: gcc-12 (12.3.0-17) unstable;

Accepted python-mercantile 1.2.1-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 15 Mar 2024 11:49:14 +0100 Source: python-mercantile Binary: python3-mercantile Architecture: source all Version: 1.2.1-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack Changed-By: Thomas Goirand

Accepted trickle 1.07-13 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 13:18:05 +0200 Source: trickle Architecture: source Version: 1.07-13 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Andreas Beckmann Closes: 1066604 Changes: trickle (1.07-13)

Accepted shutter 0.99.5-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 14:06:34 +0200 Source: shutter Architecture: source Version: 0.99.5-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group Changed-By: Andrej Shadura Changes: shutter (0.99.5-1) unstable;

Accepted pulseaudio 16.1+dfsg1-5 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 08:06:33 -0400 Source: pulseaudio Built-For-Profiles: noudeb Architecture: source Version: 16.1+dfsg1-5 Distribution: unstable Urgency: medium Maintainer: Pulseaudio maintenance team Changed-By: Jeremy Bícha

Accepted mksh 59c-36 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA384 Format: 1.8 Date: Wed, 03 Apr 2024 12:25:23 +0200 Source: mksh Architecture: source Version: 59c-36 Distribution: unstable Urgency: low Maintainer: Thorsten Glaser Changed-By: Thorsten Glaser Changes: mksh (59c-36) unstable; urgency=low . *

Accepted libopendbx 1.4.6-17 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 13:07:55 +0200 Source: libopendbx Architecture: source Version: 1.4.6-17 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Andreas Beckmann Closes: 1015508 1051751 1065767 Changes:

Accepted iotas 0.2.12+ds-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 13:02:14 +0200 Source: iotas Architecture: source Version: 0.2.12+ds-1 Distribution: unstable Urgency: medium Maintainer: Arnaud Ferraris Changed-By: Arnaud Ferraris Changes: iotas (0.2.12+ds-1) unstable;

Bug#1068317: ITP: python-pyzstd -- Facebook's Zstandard (or zstd as short name) algorithm for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-pyzstd Version : 0.15.10 Upstream Contact: Rogdham * URL : https://github.com/Rogdham/pyzstd * License :

Bug#1068315: ITP: python-pyppmd -- PPM(Prediction by partial matching) compression algorithm for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-pyppmd Version : 1.1.0 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/pyppmd * License :

Bug#1068314: ITP: python-inflate64 -- Enhanced Deflate compression algorithm for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-inflate64 Version : 1.0.0 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/inflate64 * License

Bug#1068313: ITP: python-brotlicffi -- Python CFFI bindings for the reference Brotli encoder/decoder

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-brotlicffi Version : 1.1.0.0 Upstream Contact: Seth Michael Larson * URL : https://github.com/python-hyper/brotlicffi *

Bug#1068309: ITP: python-bcj -- BCJ(Branch-Call-Jump) filter for python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-bcj Version : 1.0.2 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/pybcj * License :

Bug#1068305: ITP: python-multivolumefile -- multiple files-wrapping library for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-multivolumefile Version : 0.2.3 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/multivolume * License

Accepted openssh 1:9.7p1-4 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 12:06:08 +0100 Source: openssh Architecture: source Version: 1:9.7p1-4 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers Changed-By: Colin Watson Changes: openssh (1:9.7p1-4)

Re: xz backdoor

On Fri, Mar 29, 2024 at 09:09:45PM +0100, Sirius wrote: > This is quite actively discussed on Fedora lists. > https://www.openwall.com/lists/oss-security/2024/ > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > Worth taking a look if action need to be taken on Debian. FWIW, just

Accepted rust-treediff 4.0.3-1 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 06:36:25 -0400 Source: rust-treediff Architecture: source Version: 4.0.3-1 Distribution: experimental Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Josenilson Ferreira da Silva Changes:

Accepted rust-bitter 0.6.2-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 06:35:01 -0400 Source: rust-bitter Architecture: source Version: 0.6.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Josenilson Ferreira da Silva Changes: rust-bitter

Accepted igraph 0.10.11+ds-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 10:29:04 + Source: igraph Architecture: source Version: 0.10.11+ds-1 Distribution: unstable Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Jerome Benoit Changes: igraph (0.10.11+ds-1)

Accepted frameworkintegration 5.115.0-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 12:39:37 +0200 Source: frameworkintegration Architecture: source Version: 5.115.0-2 Distribution: experimental Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Patrick Franz Changes:

Accepted golang-github-maraino-go-mock 0.0~git20230823.b114e0e-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 12:09:24 +0200 Source: golang-github-maraino-go-mock Architecture: source Version: 0.0~git20230823.b114e0e-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Sascha

Accepted golang-github-dcso-fluxline 0.0~git20200907.78686e5-4 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 12:01:05 +0200 Source: golang-github-dcso-fluxline Architecture: source Version: 0.0~git20200907.78686e5-4 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Sascha Steinbiss

Accepted zmat 0.9.9+ds.1-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 05:43:29 -0300 Source: zmat Architecture: source Version: 0.9.9+ds.1-2 Distribution: unstable Urgency: medium Maintainer: Debian Octave Group Changed-By: Rafael Laboissière Changes: zmat (0.9.9+ds.1-2) unstable;

Accepted play.it-vv221 2024-03-19-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 19 Mar 2024 19:53:13 +0100 Source: play.it-vv221 Architecture: source Version: 2024-03-19-1 Distribution: unstable Urgency: medium Maintainer: Debian Games Team Changed-By: Antoine Le Gonidec Changes: play.it-vv221

Accepted kvirc 4:5.2.2+dfsg-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 02 Apr 2024 22:48:30 +0500 Source: kvirc Architecture: source Version: 4:5.2.2+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian KDE Extras Team Changed-By: Andrey Rakhmatullin Changes: kvirc (4:5.2.2+dfsg-2)

Accepted gimp-gap 2.6.0+dfsg-8 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 11:45:25 +0200 Source: gimp-gap Architecture: source Version: 2.6.0+dfsg-8 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Andreas Beckmann Closes: 1068059 Changes: gimp-gap

Accepted play.it-community 2024-03-19-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 19 Mar 2024 19:59:43 +0100 Source: play.it-community Architecture: source Version: 2024-03-19-1 Distribution: unstable Urgency: medium Maintainer: Debian Games Team Changed-By: Antoine Le Gonidec Changes: play.it-community

Accepted autopkgtest 5.34 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 11:06:34 +0200 Source: autopkgtest Architecture: source Version: 5.34 Distribution: unstable Urgency: medium Maintainer: Debian CI team Changed-By: Paride Legovini Closes: 933064 1067406 Changes: autopkgtest

Accepted xtrkcad 1:5.2.0Beta2.1-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 10:41:33 +0200 Source: xtrkcad Architecture: source Version: 1:5.2.0Beta2.1-2 Distribution: unstable Urgency: medium Maintainer: Daniel E. Markle Changed-By: Mike Gabriel Closes: 1066691 Changes: xtrkcad

Accepted play.it 2.27.3-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 19 Mar 2024 19:44:46 +0100 Source: play.it Architecture: source Version: 2.27.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Games Team Changed-By: Antoine Le Gonidec Changes: play.it (2.27.3-1) unstable;

Accepted libloc-database 0~20240319-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 11:16:00 +0200 Source: libloc-database Architecture: source Version: 0~20240319-1 Distribution: unstable Urgency: medium Maintainer: libloc maintainers Changed-By: Hans-Christoph Steiner Changes: libloc-database

Accepted xine-ui 0.99.14+hg20240403-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 10:19:32 +0200 Source: xine-ui Architecture: source Version: 0.99.14+hg20240403-1 Distribution: unstable Urgency: high Maintainer: Patrick Matthäi Changed-By: Patrick Matthäi Closes: 1066760 Changes: xine-ui

Accepted needrestart 3.6-8 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 10:57:04 +0200 Source: needrestart Architecture: source Version: 3.6-8 Distribution: unstable Urgency: medium Maintainer: Patrick Matthäi Changed-By: Patrick Matthäi Closes: 1024426 1040673 1063155 1063719

Accepted kdenlive 24.02.1-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 11:02:47 +0200 Source: kdenlive Architecture: source Version: 24.02.1-1 Distribution: unstable Urgency: medium Maintainer: Patrick Matthäi Changed-By: Patrick Matthäi Changes: kdenlive (24.02.1-1) unstable;

Accepted geoip-database 20240403-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 10:58:27 +0200 Source: geoip-database Architecture: source Version: 20240403-1 Distribution: unstable Urgency: medium Maintainer: Patrick Matthäi Changed-By: Patrick Matthäi Changes: geoip-database (20240403-1

Accepted davix 0.8.6-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 09:52:28 +0200 Source: davix Architecture: source Version: 0.8.6-1 Distribution: unstable Urgency: medium Maintainer: Mattias Ellert Changed-By: Mattias Ellert Changes: davix (0.8.6-1) unstable; urgency=medium

Accepted wireplumber 0.5.1-1 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 10:45:11 +0200 Source: wireplumber Architecture: source Version: 0.5.1-1 Distribution: experimental Urgency: medium Maintainer: Utopia Maintenance Team Changed-By: Dylan Aïssi Changes: wireplumber (0.5.1-1)

Accepted adios 1.13.1-36 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 09:36:55 +0100 Source: adios Architecture: source Version: 1.13.1-36 Distribution: unstable Urgency: medium Maintainer: Alastair McKinstry Changed-By: Alastair McKinstry Changes: adios (1.13.1-36) unstable;

Accepted zmat 0.9.9+ds.1-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 04:46:51 -0300 Source: zmat Architecture: source Version: 0.9.9+ds.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Octave Group Changed-By: Rafael Laboissière Changes: zmat (0.9.9+ds.1-1) unstable;

Accepted grub2 2.12-1.1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 01 Apr 2024 10:20:09 +0200 Source: grub2 Architecture: source Version: 2.12-1.1 Distribution: unstable Urgency: medium Maintainer: GRUB Maintainers Changed-By: Bastian Blank Closes: 1067486 Changes: grub2 (2.12-1.1)

Accepted gcc-12 12.3.0-16 (source) into unstable

; urgency=medium . * Update to git 20240403 from the gcc-12 branch. - Fix PR tree-optimization/111407, PR target/113233 (loong64), PR sanitizer/97696, PR tree-optimization/110838, PR tree-optimization/91838, PR target/108743 (Darwin), PR target/101737 (SH), PR tree

Accepted pillow 10.3.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 09:03:08 +0200 Source: pillow Architecture: source Version: 10.3.0-2 Distribution: unstable Urgency: medium Maintainer: Matthias Klose Changed-By: Matthias Klose Changes: pillow (10.3.0-2) unstable;

Accepted openstack-debian-images 1.84 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 09:00:30 +0200 Source: openstack-debian-images Architecture: source Version: 1.84 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack Changed-By: Thomas Goirand Changes: openstack-debian-images

Accepted wl-mirror 0.16.2-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 24 Mar 2024 11:30:20 +0100 Source: wl-mirror Built-For-Profiles: noudeb Architecture: source Version: 0.16.2-2 Distribution: unstable Urgency: medium Maintainer: Ferdinand Bachmann Changed-By: Ferdinand Bachmann Closes:

Accepted generate-ninja 0.0~git20240328.93ee9b9-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 02 Apr 2024 16:21:55 +0200 Source: generate-ninja Architecture: source Version: 0.0~git20240328.93ee9b9-1 Distribution: unstable Urgency: medium Maintainer: qinxialei Changed-By: Ricardo Ribalda Delgado Changes:

Re: xz backdoor

On Wed, Apr 03, 2024 at 02:01:23AM -0400, Robert Edmonds wrote: > This backdoor abused the IFUNC mechanism in the GNU toolchain to hook into > the sshd process. Looking on my Debian sid workstation with about 1900 library > packages installed, I see a very small handful of source packages shipping

Accepted php-algo26-idna-convert 3.1.1-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 08:08:12 +0200 Source: php-algo26-idna-convert Architecture: source Version: 3.1.1-1 Distribution: unstable Urgency: medium Maintainer: Debian PHP PEAR Maintainers Changed-By: David Prévot Changes:

Accepted node-tar 6.1.13+~cs7.0.5-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 03 Apr 2024 09:39:22 +0400 Source: node-tar Architecture: source Version: 6.1.13+~cs7.0.5-3 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Yadd Changes: node-tar

Re: xz backdoor

This backdoor abused the IFUNC mechanism in the GNU toolchain to hook into the sshd process. Looking on my Debian sid workstation with about 1900 library packages installed, I see a very small handful of source packages shipping libraries with IFUNC symbols, mostly things like gcc, glibc, haskell,

<    1   2