On Fri, 29 Mar 2024, Frank Dean wrote:
I received a security announcement on the Debian mailing list [1]. It appears versions 5.6.0 of XY Utils and later may be compromised. I also found a discussion on Openwall [2].

[1]: https://lists.debian.org/debian-security-announce/2024/msg00057.html
[2]: https://www.openwall.com/lists/oss-security/2024/03/29/4

I'm afraid that's all I know. Just a heads-up.

In [1] they mention reverting to 5.4.5 to fix it. It's not 100% clear from that whether 5.4.6 is affected, but it sounds like it's not. Since MacPorts is currently at 5.4.6, the port is probably OK as long as it doesn't do any overzealous upgrading.
CCing the users list so they don't panic. :-)

Fred Wright
