I had forgotten about this bug. Thanks for bringing this up and let me
close this.
** Changed in: xz-utils (Ubuntu)
Status: New => Invalid
** Description changed:
+ NOTE: THE VERSION MENTIONED HERE HAS BEEN BACKDOORED.
+ I am keeping the text below unchanged due to its possible historical
I just read about the backdoor on xz-utils from CVE-2024-3094 (not yet
synced to Launchpad CVE, I can't use the Link to CVE feature) and I
wanted to know more about Ubuntu's status.
Please avoid syncing any vulnerable version.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3094
Graham pointed out that the upload was actually to unstable and
therefore autosync'ed already!
I'm going to keep the bug open until it migrates due to the possibility
of some testsuite failures.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
