see shy jo on Nostr: We don't need any of the changes they made to xz. xz from 2021 was fine. They did ...
We don't need any of the changes they made to xz. xz from 2021 was fine.
They did make commits that claimed to fix an integer overflow, apparently legitimately. So they were deep into analyzing xz security at that point.
https://github.com/tukaani-project/xz/commit/18d7facd3802b55c287581405c4d49c98708c136
They did make commits that claimed to fix an integer overflow, apparently legitimately. So they were deep into analyzing xz security at that point.
https://github.com/tukaani-project/xz/commit/18d7facd3802b55c287581405c4d49c98708c136