everybackdoor·2 tahun yang lalu·discussLook at the newest commits, do you see anything suspicious:https://git.alpinelinux.org/aports/log/main/gettextlibunistring could also be affected as that has also been pushed there
everybackdoor·2 tahun yang lalu·discussJiaT75 was also a prolific contributor to xz over the past few years, so your assumptions are generally invalid at this point.
everybackdoor·2 tahun yang lalu·discussFunny you should say that, given they definitely have exploit code in `vcpkg`
everybackdoor·2 tahun yang lalu·discussThey may be right: https://git.alpinelinux.org/aports/log/main/gettextTimeline matches and there is a sudden switch of maintainer. And they add dependency to xz!
https://git.alpinelinux.org/aports/log/main/gettext
libunistring could also be affected as that has also been pushed there