social.wildeboer.net is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon instance for people with Wildeboer as their last name

Server stats:

2
active users

#liblzma

0 posts0 participants0 posts today

I have mirrored @thesamesam gist at gist.github.com/thesamesam/223 (the xz backdoor/exploit FAQ) locally and on codeberg.org/jwildeboer/gists/ Will setup some sort of automatic update script later. I don't think Github will somehow interfere with this FAQ, but hey, better safe than sorry and stuff :)

This is just a FYI. Please do NOT use my manual mirror of the FAQ and bookmark ONLY the original source.

Gistxz-utils backdoor situation (CVE-2024-3094)xz-utils backdoor situation (CVE-2024-3094). GitHub Gist: instantly share code, notes, and snippets.

If you really care about the backdoor, the IMHO (In My Humble Opinion) best source of information is the FAQ at gist.github.com/thesamesam/223 which gets continuous updates and keeps track of the fallout and ongoing work.

However — do not read the comments on that gist, as a lot of not-so-well informed but very motivated people try to add their .02.

Gistxz-utils backdoor situation (CVE-2024-3094)xz-utils backdoor situation (CVE-2024-3094). GitHub Gist: instantly share code, notes, and snippets.
Continued thread

backdoor/exploit, CVE-2024-3094

Short update: the best source for up2date information on the history, analysis, fallout and moving forward is now gist.github.com/thesamesam/223

As expected, a lot of motivated but not well-informed or qualified people in the comments are adding fuel to a fire that is effectively under control and almost extinguished, so when you read that FAQ, please ignore most of the comments under it.

Gistxz-utils backdoor situation (CVE-2024-3094)xz-utils backdoor situation (CVE-2024-3094). GitHub Gist: instantly share code, notes, and snippets.