Statement on backdoor in xz package

2024-04-02 Thread Ihsan Dogan via users
Recently, a backdoor [1] was discovered in the xz compression library. xz/liblzma [2] are packaged by the OpenCSW project and various other packages are depending on the liblzma library [3]. I have released today the version 5.6.0r529 to the repository, which is based on the 5.2.9. This is

Re: CSWxz and CVE-2024-3094

2024-04-02 Thread Ihsan Dogan via users
Hi > Am 02.04.2024 um 14:37 schrieb Jeffrey Walton via users > : what about CVE-2024-3094 and current version CSWxz? https://nvd.nist.gov/vuln/detail/CVE-2024-3094 >>> >>> Ihsan already prepared an updated package which should show up soon. >> >> Yes, I am on it. I am

Re: CSWxz and CVE-2024-3094

2024-04-02 Thread Ihsan Dogan via users
Hi Yuri > Am 02.04.2024 um 14:03 schrieb Dagobert Michelsen : > >> what about CVE-2024-3094 and current version CSWxz? >> >> https://nvd.nist.gov/vuln/detail/CVE-2024-3094 > > Ihsan already prepared an updated package which should show up soon. Yes, I am on it. I am preparing a rollback to