unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* xz backdoor
@ 2024-04-01 19:46 Reza Housseini
  2024-04-01 20:39 ` Kaelyn
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Reza Housseini @ 2024-04-01 19:46 UTC (permalink / raw)
  To: guix-devel

Hi Guixers

Just stumbled upon this recently discovered supply chain attack on xz, 
inserting a backdoor via test files [1, 2]. And it made me wondering, 
what would have been the effects on guix and how can we potentially 
avoid it?

Stay safe!
Reza

[1] https://www.openwall.com/lists/oss-security/2024/03/29/4
[2] https://access.redhat.com/security/cve/cve-2024-3094#cve-cvss-v3

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2024-04-02 22:36 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-01 19:46 xz backdoor Reza Housseini
2024-04-01 20:39 ` Kaelyn
2024-04-01 20:52   ` Attila Lendvai
2024-04-01 20:44 ` jbranso
2024-04-01 23:27 ` Leo Famulari
2024-04-02  8:23   ` Attila Lendvai
2024-04-02  8:29     ` adanskana
2024-04-02 22:35     ` Ryan Prior

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).