Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Missing the whole Fedora timeline. I was emailed by "Jia Tan" between Feb 27 and Mar 27, in a partially successful attempt to get the new xz into Fedora 40 & 41. Edit: I emailed Russ with the details.



I wondered about this. I saw the note at the bottom "RedHat announces that the backdoored xz shipped in Fedora Rawhide and Fedora Linux 40 beta" but saw nothing in the timeline explaining when/how it made it into Fedora.


These are the Fedora packages for xz that are vulnerable. If you click through the links you can see when they were added:

https://lists.fedoraproject.org/archives/list/devel@lists.fe... (https://archive.ph/diGNB)

This is the rough sequence of events in Fedora:

https://lists.fedoraproject.org/archives/list/devel@lists.fe... (https://archive.ph/e0SdX)




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: