Although no Debian stable versions are known to be affected by CVE-2024-3094 the next point release for 12.6 has been postponed while we investigate the effects of this CVE on the Archive. https://lists.debian.org/debian-security-announce/2024/msg00057.html
micronews.debian.org
Although no Debian stable versions are known to be affected by CVE-2024-3094 the next point release for 12.6 has been postponed while we investigate the effects of this CVE on the Archive. https://lists.debian.org/debian-security-announce/2024/msg00057.html
  • @c10l@lemmy.world
    41 month ago

    They mention versions from 5.5.1 are affected.

    Everywhere else I’ve read only 5.6.0 and 5.6.1 are.

    Is this an abundance of caution by the Debian security team, or is Debian’s earlier version affected due to patching done by the package maintainers?

    • lemmyreaderOPEnglish
      21 month ago

      Good question. Maybe it has to do with the fact that the backdoor contributor was on the xz project for about two years.