Conan_Kudo , 3 months ago

Lasse Collin (the main #xz maintainer) has now started working on a review of #xzorcist (credit to @jwf for the clever name!).

https://tukaani.org/xz-backdoor/

It's important to note how critical it was caught now: all the commercial distributions are making releases over the next 12-18 months: Red Hat with RHEL 10 in May 2025, SUSE with SLE 16 in fall 2025, and Canonical with Ubuntu 24.04 in April. It was key to infect their upstreams (Fedora, openSUSE, Debian) now.

Fortunately, it failed.