everybackdoor·vor 2 Jahren·discussLook at the newest commits, do you see anything suspicious:https://git.alpinelinux.org/aports/log/main/gettextlibunistring could also be affected as that has also been pushed there
everybackdoor·vor 2 Jahren·discussJiaT75 was also a prolific contributor to xz over the past few years, so your assumptions are generally invalid at this point.
everybackdoor·vor 2 Jahren·discussFunny you should say that, given they definitely have exploit code in `vcpkg`
everybackdoor·vor 2 Jahren·discussThey may be right: https://git.alpinelinux.org/aports/log/main/gettextTimeline matches and there is a sudden switch of maintainer. And they add dependency to xz!
https://git.alpinelinux.org/aports/log/main/gettext
libunistring could also be affected as that has also been pushed there