|
| From: | Reza Housseini |
| Subject: | xz backdoor |
| Date: | Mon, 1 Apr 2024 21:46:12 +0200 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 |
Hi GuixersJust stumbled upon this recently discovered supply chain attack on xz, inserting a backdoor via test files [1, 2]. And it made me wondering, what would have been the effects on guix and how can we potentially avoid it?
Stay safe! Reza [1] https://www.openwall.com/lists/oss-security/2024/03/29/4 [2] https://access.redhat.com/security/cve/cve-2024-3094#cve-cvss-v3
| [Prev in Thread] | Current Thread | [Next in Thread] |