On Fri, 2024-04-26 at 10:00 -0500, Michael Hennebry wrote: > On Fri, 26 Apr 2024, Patrick O'Callaghan wrote: > > > On Fri, 2024-04-26 at 08:22 +0930, Tim via users wrote: > > > > as far as xz, for F40, the affected version was only in > > > > updates- > > > > testing > > > > Thanks. Also wondering how far back the breach went. I remember > > > reading that the person had being playing the long game about > > > doing > > > this. > > > > They spent a long time setting it up, but the actual breach wasn't > > introduced until very recently, and IIRC was caught before it made > > it > > to a stable release. > > How was it caught? > If it's what I read about recently, 'twas a bit of a fluke.
Not quite a fluke, but certainly something to think about: https://en.wikipedia.org/wiki/XZ_Utils_backdoor poc -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
