986

submitted 5 months ago by Emerald@lemmy.world to c/linuxmemes@lemmy.world

75 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] TheGingerNut@lemmy.blahaj.zone 35 points 5 months ago

Even if you're using debian 12 bookworm and are fully up to date, you're still running [5.4.1].

The only debian version actually shipping the vulnerable version of the package was sid, and being a canary for this kind of thing is what sid is for, which it's users know perfectly well.

[-] piefedderatedd@piefed.social 2 points 5 months ago

There was a comment on Mastodon or Lemmy saying that the bad actor had been working with the project for two years so earlier versions may have malicious code as well already.

[-] jabjoe@feddit.uk 5 points 5 months ago

Needless to say all his work ever will already be being reviewed.

[-] dan@upvote.au 5 points 5 months ago

They did but the malware wasn't fully implemented yet. They spent quite a while implementing it, I guess to try and make it less obvious.

[-] mumblerfish@lemmy.world 5 points 5 months ago

Distros like gentoo reverted to 5.4.2 for that reason. If debian stable is on 5.4.1 that should be ok.

this post was submitted on 30 Mar 2024

986 points (98.6% liked)

linuxmemes

20680 readers

916 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

poopsmith@lemmy.world

zephyr@lemmy.world