From: Jesse Darrone
Subject: Re: archivers/xz: update to 5.6.1
To: Christian Weisgerber
Cc: ports@openbsd.org
Date: Fri, 29 Mar 2024 16:49:44 -0400

Thanks, Christian!

On Fri, Mar 29, 2024 at 4:35 PM Christian Weisgerber wrote:

> Jesse Darrone:
>
> > I hate to raise the alarm, but it looks like this should be scrutinized.
> >
> > It sounds like a backdoor made it into the upstream repository:
> > https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> Yes, I just learned. I am investigating.
>
> FWIW, I did look over the complete 5.4.5 -> 5.6.1 diff as part of
> my regular update procedure, but didn't catch this in the 144028-line
> diff.
>
> --
> Christian "naddy" Weisgerber naddy@mips.inka.de
>