backdoor in upstream xz/liblzma leading to ssh server compromise
backdoor in upstream xz/liblzma leading to ssh server compromise
www.openwall.com /lists/oss-security/2024/03/29/4
You're viewing a single thread.
99
comments
This is the best post I've read about it so far: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
In the fallout, we learn a little bit about mental health in open source.
Reminded me of this, relevant as always, xkcd:
Yes, exactly.
And looking at you npm : npm
That whole timeline is insane, and the fact that anyone even found this in the totally coincidental way they did is very lucky for the rest of us.
You've viewed 99 comments.