Hi all, This isn't related to Koha per se, but I thought I'd share it for anyone who hasn't seen it: https://en.wikipedia.org/wiki/XZ_Utils_backdoor All the more reason to have things like Kohacon so that we actually know each other. David Cook Senior Software Engineer Prosentient Systems Suite 7.03 6a Glen St Milsons Point NSW 2061 Australia Office: 02 9212 0899 Online: 02 8005 0595
So to gain trust even faster and then be able to self-QAing backdoors ? :-P Very interesting article, thanks! And hats off to the Wiki contributor who wrote that article so quickly. Logo inLibro <https://inLibro.com> Philippe Blouin Directeur de la technologie T 833-INLIBRO (465-4276) <tel:833-465-4276>, poste 230 C philippe.blouin@inLibro.com www.inLibro.com <https://inLibro.com> On 2024-04-03 19:15, David Cook via Koha-devel wrote:
Hi all,
This isn’t related to Koha per se, but I thought I’d share it for anyone who hasn’t seen it: https://en.wikipedia.org/wiki/XZ_Utils_backdoor
All the more reason to have things like Kohacon so that we actually know each other…
David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia
Office: 02 9212 0899
Online: 02 8005 0595
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website :https://www.koha-community.org/ git :https://git.koha-community.org/ bugs :https://bugs.koha-community.org/
On 2024-04-03 19:15, David Cook via Koha-devel wrote:
Hi all,
This isn’t related to Koha per se, but I thought I’d share it for anyone who hasn’t seen it: https://en.wikipedia.org/wiki/XZ_Utils_backdoor <https://en.wikipedia.org/wiki/XZ_Utils_backdoor>
All the more reason to have things like Kohacon so that we actually know each other…
Thanks David. For those using Debian: "Right now no Debian stable versions are known to be affected. Compromised packages were part of the Debian testing, unstable and experimental distributions" <https://lists.debian.org/debian-security-announce/2024/msg00057.html> and Ubuntu: "The affected version of xz-utils was only in noble-proposed, and was removed before migrating to noble itself. No released versions of Ubuntu were affected by this issue." <https://ubuntu.com/security/CVE-2024-3094> Now back to my trusty old Koha 3.8.24, current server up-time 1,410 days ;=} Paul
David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia
Office: 02 9212 0899
Online: 02 8005 0595
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : https://www.koha-community.org/ git : https://git.koha-community.org/ bugs : https://bugs.koha-community.org/
participants (3)
-
David Cook -
Paul A -
Philippe Blouin