On Sat, Mar 30, 2024 at 1:26 PM Richard Purdie <[email protected]> wrote: > > On Sat, 2024-03-30 at 13:08 +0100, Marta Rybczynska wrote: > > Absolutely confirm. DO NOT UPDATE > > > > Marta > > > > On Sat, 30 Mar 2024, 02:04 Mark Hatle, > > <[email protected]> wrote: > > > I know this request is a week or so old.. > > > > > > But do NOT upgrade to 'xz' 5.6.0 or 5.6.1. It has been > > > compromised: > > > > > > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > > > > > --Mark > > We're not going to. The upgrade was already dropped after it failed > build testing. I do wonder why it failed. > > https://autobuilder.yoctoproject.org/typhoon/#/builders/48/builds/8737 > > I've ensured the sources were removed from our mirrors too.
It looks to me that the Autobuilder has actually seen a side-effect of the backdoor... Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197866): https://lists.openembedded.org/g/openembedded-core/message/197866 Mute This Topic: https://lists.openembedded.org/mt/105226831/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
