HackerTrans
トップ新着トレンドコメント過去質問紹介求人

everybackdoor

no profile record

コメント

everybackdoor
·2 年前·議論
Look at the newest commits, do you see anything suspicious:

https://git.alpinelinux.org/aports/log/main/gettext

libunistring could also be affected as that has also been pushed there
everybackdoor
·2 年前·議論
JiaT75 was also a prolific contributor to xz over the past few years, so your assumptions are generally invalid at this point.
everybackdoor
·2 年前·議論
Funny you should say that, given they definitely have exploit code in `vcpkg`
everybackdoor
·2 年前·議論
They may be right: https://git.alpinelinux.org/aports/log/main/gettext

Timeline matches and there is a sudden switch of maintainer. And they add dependency to xz!