Sujet : Re: Gentoo Emerge Repot March 30
De : ff (at) *nospam* linux.rocks (Farley Flud)
Groupes : comp.os.linux.advocacyDate : 30. Mar 2024, 22:53:39
Autres entêtes
Organisation : UsenetExpress - www.usenetexpress.com
Message-ID : <17c1a626f0513d62$614$3121036$802601b3@news.usenetexpress.com>
References : 1 2
On 30 Mar 2024 20:12:02 GMT, Stéphane CARPENTIER wrote:
I believe you are confused, so I'll explain a little bit. Here, and in a
lot of other places, the actual subject is about a vulnerability on ssh.
The vulnerability is caused by a data compressor named xz (you see, xz
not xv).
>
No. YOU are confused.
I made a typographical error. The package "xv-utils" should have been
"xz-utils."
So my xz-utils has been downgraded to 5.4.2.
But it is quite unnecessary. Only ssh calling systemd-notify will invoke
the problem, and I use neither ssh or that abominable systemd.
My system is safe but I decided to downgrade anyway. After all, the
actual compression/decompression will be unaffected regardless.
>
Xv is an old image viewer, it was useful years ago it's almost
dead now.
>
I still use xloadimage:
http://fr2.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/x/xloadimage-4.1-37.fc40.x86_64.htmlWho decides what is dead or alive?
Certainly not you.