Detection - Duplicate Body
https://www.openwall.com/lists/oss-security/2024/03/29/4
>After observing a few odd symptoms around liblzma (part of the xz package) on
Debian sid installations over the last weeks (logins with ssh taking a lot of
CPU, valgrind errors) I figured out the answer:
>The upstream xz repository and the xz tarballs have been backdoored.
>At first I thought this was a compromise of debian's package, but it turns out
to be upstream.
https://junkuchan.org/origin/thread/2335.html#5676 [details]
Body:
https://www.openwall.com/lists/oss-security/2024/03/29/4
>After observing a few odd symptoms around liblzma (part of the xz package) on
Debian sid installations over the last weeks (logins with ssh taking a lot of
CPU, valgrind errors) I figured out the answer:
>The upstream xz repository and the xz tarballs have been backdoored.
>At first I thought this was a compromise of debian's package, but it turns out
to be upstream.
https://junkuchan.org/origin/thread/5683.html#5676 [details]
Body:
https://www.openwall.com/lists/oss-security/2024/03/29/4
>After observing a few odd symptoms around liblzma (part of the xz package) on
Debian sid installations over the last weeks (logins with ssh taking a lot of
CPU, valgrind errors) I figured out the answer:
>The upstream xz repository and the xz tarballs have been backdoored.
>At first I thought this was a compromise of debian's package, but it turns out
to be upstream.
https://zzzchan.xyz/v/thread/237717.html#241294 [details]
Body:
>https://www.openwall.com/lists/oss-security/2024/03/29/4
https://trashchan.xyz/meta/thread/214.html#716 [details]
Body:
>https://www.openwall.com/lists/oss-security/2024/03/29/4
Also, this looks suspicious: https://archive.vn/ogmcy
https://zzzchan.xyz/tech/thread/412.html#13191 [details]
Body:
>https://www.openwall.com/lists/oss-security/2024/03/29/4
Also, this looks suspicious: https://archive.vn/ogmcy