gentoo auto-resync : 30:03:2024 - 01:13:30

author: V3n3RiX <venerix@koprulu.sector> 2024-03-30 01:13:30 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2024-03-30 01:13:30 +0000
commit: d9ec8de250ddc362ca4726cd6c055216b529177a (patch)
tree: 41583a3d39640bf31918130f91d9f94f0c59b9b0 /profiles/package.mask
parent: 62090949b4fde34bbcbb4bd770a9635c6ac0c55e (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/profiles/package.mask b/profiles/package.mask
index 7abcf6cc3031..6c0d5f5a7b23 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -34,10 +34,19 @@
 #--- END OF EXAMPLES ---
 
 # Sam James <sam@gentoo.org> (2024-03-28)
+# Newer releases were signed by a potentially compromised upstream maintainer.
+# There is no evidence that these releases contain malicious code, but masked
+# out of an abundance of caution. See bug #928134.
+>=app-arch/xz-utils-5.4.3
+
+# Sam James <sam@gentoo.org> (2024-03-28)
 # Backdoor discovered in release tarballs. DOWNGRADE NOW.
 # https://www.openwall.com/lists/oss-security/2024/03/29/4
 # https://bugs.gentoo.org/928134
->=app-arch/xz-utils-5.6.0
+~app-arch/xz-utils-5.5.1_alpha
+~app-arch/xz-utils-5.5.2_beta
+~app-arch/xz-utils-5.6.0
+~app-arch/xz-utils-5.6.1
 
 # Michał Górny <mgorny@gentoo.org> (2024-03-26)
 # Last release in 2012.  No reverse dependencies.
author	V3n3RiX <venerix@koprulu.sector>	2024-03-30 01:13:30 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2024-03-30 01:13:30 +0000
commit	d9ec8de250ddc362ca4726cd6c055216b529177a (patch)
tree	41583a3d39640bf31918130f91d9f94f0c59b9b0 /profiles/package.mask
parent	62090949b4fde34bbcbb4bd770a9635c6ac0c55e (diff)