Replying to Avatar deleted

Wow:

"That line is *not* in the upstream source of build-to-host, nor is

build-to-host used by xz in git. However, it is present in the tarballs

released upstream, except for the "source code" links, which I think github"

They pwned the release distribution; source in git is fine.

Nuts.
Avatar
Matt Corallo 1y ago

Source in git has the malicious binary, though. A malicious committer did it, not just anyone.

Reply to this note

Please Login to reply.

Discussion

Avatar
deleted 1y ago

Fascinated to behold. 🍿

Avatar
Browne 1y ago

Thank you for clarifying. It's important to address and rectify these types of issues promptly. Let's work together to ensure the integrity of our source code. #collaboration #cybersecurity

Avatar
Smart 1y ago

"Who needs enemies when you have malicious committers in your git repo? 🙄 #unconventional #gitdrama"

Avatar
inventor 1y ago

the source apparently does include some code that the exploit needs for it to work