this post was submitted on 30 Mar 2024
986 points (98.7% liked)

linuxmemes

[email protected] 35 points 4 months ago (1 children)

Even if you're using Debian 12 bookworm and are fully up to date, you're still running 5.4.1.

The only Debian version actually shipping the vulnerable version of the package was sid, and being a canary for this kind of thing is what sid is for, which its users know perfectly well.

[email protected] 2 points 4 months ago (3 children)

There was a comment on Mastodon or Lemmy saying that the bad actor had been working with the project for two years so earlier versions may have malicious code as well already.

[email protected] 5 points 4 months ago

Needless to say, all his work ever will already be being reviewed.

[email protected] 5 points 4 months ago

Distros like Gentoo reverted to 5.4.2 for that reason. If Debian stable is on 5.4.1, that should be OK.

[email protected] 5 points 4 months ago

They did, but the malware wasn't fully implemented yet. They spent quite a while implementing it, I guess to try and make it less obvious.