Publishing details
Changelog
xz-utils (5.4.6-0ubuntu1~16.04.sav1) xenial; urgency=medium
* Response to CVE-2024-3094 backdoor (new upstream changes from April 2024):
- d/patches/: Add cve-2024-3094-doc-changes-part{1,2,3}.patch (upstream)
to show current correct maintainer and URL info (removes "Jia Tan")
- Add cve-2024-3094-doc-changes-part4.patch to purge the evildoer from
documentation in several additional files not yet changed by upstream
- NOTE: No ifunc support was in any xz-utils source prior to v5.5.1alpha,
and at this time all available information about CVE-2024-3094 says that
the backdoor relied upon ifunc to operate, so this version 5.4.6 should
not be vulnerable (and as soon as upstream makes a new release with all
changes by "Jia Tan" removed that release will be published at the PPAs)
-- Rob Savoury <email address hidden> Mon, 15 Apr 2024 14:15:02 -0700
Builds
Built packages
-
liblzma-dev
XZ-format compression library - development files
-
liblzma-doc
XZ-format compression library - API documentation
-
liblzma5
XZ-format compression library
-
liblzma5-udeb
XZ-format compression library
-
xz-utils
XZ-format compression utilities
-
xzdec
XZ-format compression utilities - tiny decompressors
Package files