backdoor in upstream xz/liblzma leading to ssh server compromise
backdoor in upstream xz/liblzma leading to ssh server compromise
www.openwall.com /lists/oss-security/2024/03/29/4
You're viewing a single thread.
100
comments
This is the best post I've read about it so far: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
In the fallout, we learn a little bit about mental health in open source.
Reminded me of this, relevant as always, xkcd:
Yes, exactly.
And looking at you npm : npm
That whole timeline is insane, and the fact that anyone even found this in the totally coincidental way they did is very lucky for the rest of us.
You've viewed 100 comments.