Re: xz backdoor


 



On 29/03/2024 22.10, Michael Catanzaro wrote:
> On Fri, Mar 29 2024 at 08:16:55 PM +00:00:00, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
>> These are the exact builds which were vulnerable.  Note the tags are
>> all empty because Kevin untagged them last night, so you'll probably
>> need to cross-reference these with bodhi updates.
>
> OK, I am going to ask Product Security to edit their blog post to remove the incorrect information. I will CC you on that request.
>
> Thanks,
>
> Michael

Confusion is increasing a little among different channels, and it would be nice if the RH blog post and the Red Hat CVE page would be updated, and maybe clarified: According to Adam Williamson, F40 is likely to have installed the packages because testing is enabled by default in pre-release. If I got Rich right, the malicious code is likely to be broken on F40, but F40 users still should update to be sure.

At the moment several "versions" and "assumptions" are arising that try to somehow make sense of the different publications (e.g., header of RH article "F41 and rawhide" -> headline in content "F40 and rawhide"). I don't know how the assumption came up that F40 is only affected if users opted in for testing, but that interpretation already ended up in the Fedora Magazine and in the official LinkedIn post of Fedora (I already asked to correct it).

Creating some clarification and unifying our information provision can help to get rid of the current interpretations between "F40 - just don't care" and "F40 - the end of the world is coming" (sorry for the dramatization ;). I think one or two sentences in the RH blog post + RH CVE page should be fine to clarify, to avoid further confusion and to re-unify knowledge towards the facts; of course the same goes for the Fedora Magazine article, but that's already underway.
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



