Next point release for 12.6 has been postponed
Next point release for 12.6 has been postponed
micronews.debian.org Although no Debian stable versions are known to be affected by CVE-2024-3094 the next point release for 12.6 has been postponed while we investigate the effects of this CVE on the Archive. https://lists.debian.org/debian-security-announce/2024/msg00057.html
Although no Debian stable versions are known to be affected by CVE-2024-3094 the next point release for 12.6 has been postponed while we investigate the effects of this CVE on the Archive. https://lists.debian.org/debian-security-announce/2024/msg00057.html
3
comments
They mention versions from 5.5.1 are affected.
Everywhere else I’ve read only 5.6.0 and 5.6.1 are.
Is this an abundance of caution by the Debian security team, or is Debian’s earlier version affected due to patching done by the package maintainers?
4 0 ReplyGood question. Maybe it has to do with the fact that the backdoor contributor was on the xz project for about two years.
2 0 ReplyYep. All distros are rolling-back to before JiaT75 was involved.
4 0 Reply