Workaround with the Sage distribution: "./configure --without-system-liblzma --without-system-xz"
(Our xz package dates back from before the attackers were born;)

Incidentally, the cryptographic protection of the Sage distribution is 
wildly insufficient.
I've opened https://github.com/sagemath/sage/issues/37691 for this -- any 
takers?


On Friday, March 29, 2024 at 12:18:24 PM UTC-7 Dima Pasechnik wrote:

> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> if you have xz 5.6.0 or 5.6.1 installed (e.g. Debian testing/unstable)
> you have a backdoored xz.
>
