CVE-2024-3094: Malicious code in xz 5.6.0 and 5.6.1 tarballs
payas: Guix has grafts precisely for this purpose. Can’t we have something similar? What roadblocks would there be for implementing and then utilizing such change? I’m also wondering about this. I...
FYI, the downgrade of xz is in nixpkgs master now. *-linux binaries are basically all there.
hey, that didn’t take too long at all!
heads up that the PR reverting xz is now in nixos-unstable and nixpkgs-unstable https://nixpk.gs/pr-tracker.html?pr=300028
This prompted us to add support for content addressable store to Cachix and see how much it would help with saving the rebuilds. I’ll report back once we have some results.
@domenkozar Do you have any results by now?