Antonio Russo writes:
> The way I see it, there are two options in handling a buildable package:
> 1. That file would have been considered a build artifact, consequently
> removed and then regenerated. No backdoor.
> 2. The file would not have been scrubbed, and a difference between the
> git
On 2024-03-29 22:41, Guillem Jover wrote:
> Hi!
>
> On Fri, 2024-03-29 at 18:21:27 -0600, Antonio Russo wrote:
>> This is a vector I've been somewhat paranoid about myself, and I
>> typically check the difference between git archive $TAG and the downloaded
>> tar, whenever I package things. Obvio
Hi!
On Fri, 2024-03-29 at 18:21:27 -0600, Antonio Russo wrote:
> This is a vector I've been somewhat paranoid about myself, and I
> typically check the difference between git archive $TAG and the downloaded
> tar, whenever I package things. Obviously a backdoor could have been
> inserted into the
Package: wnpp
Severity: normal
Owner: Zachary Liebl
X-Debbugs-Cc: debian-devel@lists.debian.org, deb...@zachliebl.com
Package name: gnu-which
Version : 2.21+dfsg-2
Upstream Contact: Carlo Wood
URL : https://savannah.gnu.org/projects/which
License : GPL-3
Hello everyone,
As I'm sure we're all aware of at this point, Debian has been a victim
of a relatively sophisticated first-party attack whereby a backdoor
of the XZ package was smuggled into sshd via a systemd dependency.
This backdoor, at a minimum, attacked key verification. As far as I
understa
Moritz Mühlenhoff writes:
> Russ Allbery wrote:
>> I think this question can only be answered with reverse-engineering of
>> the backdoors, and I personally don't have the skills to do that.
> In the pre-disclosure discussion permission was asked to share the
> payload with a company specialisi
Russ Allbery wrote:
> I think this question can only be answered with reverse-engineering of the
> backdoors, and I personally don't have the skills to do that.
In the pre-disclosure discussion permission was asked to share the payload
with a company specialising in such reverse engineering. If t
Russ Allbery writes:
> Sirius writes:
>> This is quite actively discussed on Fedora lists.
>> https://www.openwall.com/lists/oss-security/2024/
>> https://www.openwall.com/lists/oss-security/2024/03/29/4
>> Worth taking a look if action needs to be taken on Debian.
> The version of xz-utils was
On Fri, Mar 29, 2024 at 09:09:45PM +0100, Sirius wrote:
> Hi there,
>
> This is quite actively discussed on Fedora lists.
> https://www.openwall.com/lists/oss-security/2024/
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> Worth taking a look if action needs to be taken on Debian.
>
Sirius writes:
> This is quite actively discussed on Fedora lists.
> https://www.openwall.com/lists/oss-security/2024/
> https://www.openwall.com/lists/oss-security/2024/03/29/4
> Worth taking a look if action needs to be taken on Debian.
The version of xz-utils was reverted to 5.4.5 in unstable
xz-utils (5.6.1+really5.4.5-1) unstable; urgency=critical
* Non-maintainer upload by the Security Team.
* Revert back to the 5.4.5-0.2 version
-- Salvatore Bonaccorso Thu, 28 Mar 2024 15:59:38 +0100
On Fri, 29 Mar 2024 at 21:17, Sirius wrote:
> Hi there,
>
> This is quite active
Hi there,
This is quite actively discussed on Fedora lists.
https://www.openwall.com/lists/oss-security/2024/
https://www.openwall.com/lists/oss-security/2024/03/29/4
Worth taking a look if action needs to be taken on Debian.
--
Kind regards,
/S
Hi,
On 25.03.24 at 19:17, Julian Gilbey wrote:
* Reading and writing file formats (like CSV, Apache ORC, and Apache
Parquet)
liborcus supports this (Apache Parquet) if built with Apache Arrow. And
thus makes LibreOffice able to handle it.
I didn't invest any time in Apache Ar
On Mon, 2024-03-25 at 18:17 +, Julian Gilbey wrote:
>
>
> So this is a plea for anyone looking for something really helpful to
> do: it would be great to have a group of developers finally package
> this! There was some initial work done (see the RFP bug report for
> details: https://bugs.de
Package: wnpp
Severity: wishlist
Owner: Josenilson Ferreira da Silva
X-Debbugs-Cc: debian-devel@lists.debian.org, nilsonfsi...@hotmail.com
* Package name: python-naked
Version : 0.1.32
Upstream Contact: Christopher Simpkins
* URL : https://github.com/chrissimpkins/na
15 matches