10:11 AM - xz vulnerability
There is an xz vulnerability in 5.6.0 and 5.6.1 that was caused by a malicious payload added via a commit.  https://boehs.org/node/everything-i-know-about-the-xz-backdoor
At this time, I am unaware of anything in libarchive that is considered dangerous as mentioned on that website. MidnightBSD does not use the affected versions of xz in base. We have 5.2.9 right now.
0 comments