Truth about xz backdoor on linux

Started by Ghost Member, May 09, 2024, 05:23:24 PM

Previous topic - Next topic

0 Members and 8 Guests are viewing this topic.

Ghost Member

I see Windows fanboy(linux hater ones) try to use this incident and slur Linux again that they're vulnerable as windows like Britec09 accuse. That's BS. Here's the truth.

1. All these times It's fake xz-utils source code 5.6.0, 5.6.1 version.

The Debian package maintainer mistook this for latest source code and make package host on Debian Unstable & Testing repository and found out later it's contain backdoor code which can affect otheer Xz archives like tar.xz files but it's not gonna affect tar.bz2, tar.gz just tar.xz

2. Real official version is 5.4.6
and the Culprit is:
As original Xz dev state

3. it's already been fixed on Debian and rename as "5.6.1+really5.4.5-1" so this flaw is fixed no more backdoor.

Hālian He/him

I think you're putting too much stock in Linux antis and what they have to say. Regardless, it's good to point this out for people who may not have known.

(Would like to know what the current situation is for other distros, though, for completeness' sake.)

Ghost Member

I'm Anti-Bullies and because I hate bullies, false accused jerks that's why I'm expose their lies
The truth is just sill package maintainer dunce compile 5.6.1 fake source code instead of compile the 5.4.6 the original

Other distros? witness with your own eyes <<<5.6.1 version <<<5.4.6  <<<5.6.1 version

I don't know do they ignorantly keep 5.6.1 or fix by remove backdoor code of or not but I don't trust any distro that doesn't claimed "Fixed" or use 5.4.6 version. But for sure Debian stable doesn't affect this and Sid, Testing repo already fixed and Ubuntu 24.04 already inherit Debian fixed package that rename 5.6.1really5.4.5