You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Luckily, they apparently didn't go beyond that for our project. And they apparently didn't fork minizip.
Note that xz wasn't their only target, since they also tried their hand on libarchive: libarchive/libarchive#1609 (affecting multiple releases, fixed in libarchive 3.7.2_1)
The text was updated successfully, but these errors were encountered:
Jia Tan, now famous for incorporating a state-sponsored backdoor to the archive tool
xz
CVE-2024-3094 (CVSS score: 10.0), affecting xz 3.6.0 and 3.6.1, had forked ZipArchive in the past:https://github.com/Jiat75/ZipArchive/
Luckily, they apparently didn't go beyond that for our project. And they apparently didn't fork minizip.
Note that
xz
wasn't their only target, since they also tried their hand on libarchive:libarchive/libarchive#1609 (affecting multiple releases, fixed in libarchive 3.7.2_1)
The text was updated successfully, but these errors were encountered: