forked from jralls/gtk-osx-build
-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xz-utils
CVE fallout broke our build
#42
Comments
totaam
changed the title
cx CVE fallout broke out build
Mar 30, 2024
xz-utils
CVE fallout broke out build
totaam
changed the title
Jun 1, 2024
xz-utils
CVE fallout broke out buildxz-utils
CVE fallout broke our build
Updated xz to 5.6.2 in 1050b4d |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have a (non-vulnerable it seems) download link to
xz
:gtk-osx-build/modulesets-stable/bootstrap.modules
Lines 38 to 41 in 49eb381
And when github took the whole project down because of CVE-2024-3094, this broke our builds..
I'm not saying that taking the project down was not the right thing to do.
Just a cautionary tale about reproducible builds.
The text was updated successfully, but these errors were encountered: