xz/liblzma Compromise Link Roundup
Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).
XZ Backdoor: Not the End of Open Source
beny23.github.ioWhen I stumbled across a post that an encryption library offers a potential backdoor to SSH connectivity on Good Friday, my first thought was: why is it always on a Friday that these things drop? And then my second one: oh bugger, here goes my weekend. Now, I won’t go into the technical details, there are many, many, many, many better resources out there, but I can’t help thinking that this would/should force the software industry to think.