I'm not fully agree with that. You said:
~~~
What you need to know:
- It only affected the binary releases, so if you build from source, you were safe from this one
~~~
The backdoored xz was from upstream github, and was ported to Debian and fedora by building from source ... Also the backdoor get added to binarys by compiling it from source, since the malware is offuscaded not at the source by it is at side files included during compiling
Then I understood that it will only trigger at x86_64 , also if vulnerable xz packages were included on macosx brew .. That run almost arm architecture
andrea /
npub1rl…lkyr5
2024-03-31 11:04:55
in reply to nevent1q…53yu
Author Public Key
npub1rlcev8q8u9y56rk5vfjrvcq5yv2tjpuzdfcpx93swcrwfw0lugwqulkyr5Published at
2024-03-31 11:04:55Event JSON
{
"id": "2fe47f180a14205f434840a4737c59569583378f1fdb1fba9fdd8d7bc5451b95",
"pubkey": "1ff1961c07e1494d0ed462643660142314b907826a701316307606e4b9ffe21c",
"created_at": 1711875895,
"kind": 1,
"tags": [
[
"e",
"10e3b4bc1674eb2e8d7e700a131ea95dbf18f61afa9b68107ad5209d325b5060",
"",
"root"
],
[
"p",
"d30ea98ea65e953f91ab93f6b30ea51eb33c506f87d49f600a139aef00aa9511"
]
],
"content": "I'm not fully agree with that. You said:\n\n~~~\nWhat you need to know:\n- It only affected the binary releases, so if you build from source, you were safe from this one\n~~~\n\nThe backdoored xz was from upstream github, and was ported to Debian and fedora by building from source ... Also the backdoor get added to binarys by compiling it from source, since the malware is offuscaded not at the source by it is at side files included during compiling \n\nThen I understood that it will only trigger at x86_64 , also if vulnerable xz packages were included on macosx brew .. That run almost arm architecture ",
"sig": "0cf0bee4437ded3f94577399920bfb4dc4b72f4300dd169647910f144f1809770fea9fcc687934db0dc5fb4b2531dcf33087a4ea52bc56654fe749b010607d2f"
}