xz/liblzma has been compromised
Dima Pasechnik
Mar 29, 2024, 3:18:20 PM
to sage-devel, sage-support, sage-release
https://www.openwall.com/lists/oss-security/2024/03/29/4
If you have xz 5.6.0 or 5.6.1 installed (e.g. Debian testing/unstable)
you have a backdoored xz.
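
A version check for the two releases named in the message above, as an added example that is not part of the original post. The function names, the script name `check-xz.sh` and the paths in the usage comment are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: flag xz/liblzma copies at the versions named in this thread.
AFFECTED="5.6.0 5.6.1"

# Read `xz --version` text on stdin; print the version from each line.
# xz prints one line for the tool and one for liblzma; both are checked.
versions_from_output() {
    awk '/^xz \(XZ Utils\) / || /^liblzma / { print $NF }'
}

# Succeed (0) when version $1 is one of the affected releases.
is_affected() {
    for bad in $AFFECTED; do
        if [ "$1" = "$bad" ]; then return 0; fi
    done
    return 1
}

# Read `xz --version` text on stdin and print one verdict per component.
# Returns 0 if clean, 1 if any version is affected, 2 if none was found.
report() {
    rc=2
    for v in $(versions_from_output); do
        if is_affected "$v"; then
            echo "AFFECTED $v"; rc=1
        else
            echo "ok $v"
            if [ "$rc" -eq 2 ]; then rc=0; fi
        fi
    done
    if [ "$rc" -eq 2 ]; then echo "no version reported"; fi
    return $rc
}

# Check every xz binary passed as an argument (system, Conda, Homebrew copies).
check_binaries() {
    overall=0
    for bin in "$@"; do
        echo "== $bin"
        "$bin" --version 2>/dev/null | report || overall=1
    done
    return $overall
}

# Usage (placeholder paths): sh check-xz.sh --local /usr/bin/xz /path/to/env/bin/xz
if [ "${1:-}" = "--local" ]; then
    shift
    check_binaries "$@"
fi
```

Package managers such as Conda and Homebrew install their own copies, so each binary has to be passed in separately; a clean system `xz` says nothing about the others.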
Dima Pasechnik
Mar 29, 2024, 3:36:27 PM
to sage-devel, sage-support, sage-release, Isuru Fernando
and Conda:
https://anaconda.org/anaconda/xz
shows version 5.6.1
Dima Pasechnik
Mar 29, 2024, 3:45:27 PM
to sage-devel, sage-support, sage-release, Isuru Fernando
and Homebrew.
Please upgrade your Homebrew. It should do a downgrade:
`brew upgrade` now "upgrades" xz from 5.6.1 -> 5.4.6
Kwankyu Lee
Mar 30, 2024, 7:56:53 AM
to sage-release
Thanks!
Emmanuel Charpentier
Apr 1, 2024, 9:55:35 AM
to sage-release
FWIW, Debian's security has reverted to 5.4.1 on Mar 28.
Many thanks for the lookup!