this post was submitted on 30 Mar 2024
985 points (98.5% liked)

linuxmemes

21197 readers
217 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

    • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    985
    Debian security amirite? (lemmy.world)
    submitted 7 months ago by Emerald@lemmy.world to c/linuxmemes@lemmy.world
    75 comments fedilink hide all child comments
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] TheGingerNut@lemmy.blahaj.zone 35 points 7 months ago (1 children)

    Even if you're using debian 12 bookworm and are fully up to date, you're still running [5.4.1].

    The only debian version actually shipping the vulnerable version of the package was sid, and being a canary for this kind of thing is what sid is for, which it's users know perfectly well.

    [–] piefedderatedd@piefed.social 2 points 7 months ago (3 children)

    There was a comment on Mastodon or Lemmy saying that the bad actor had been working with the project for two years so earlier versions may have malicious code as well already.

    [–] dan@upvote.au 5 points 7 months ago

    They did but the malware wasn't fully implemented yet. They spent quite a while implementing it, I guess to try and make it less obvious.

    [–] mumblerfish@lemmy.world 5 points 7 months ago

    Distros like gentoo reverted to 5.4.2 for that reason. If debian stable is on 5.4.1 that should be ok.

    [–] jabjoe@feddit.uk 5 points 7 months ago

    Needless to say all his work ever will already be being reviewed.