AppImage
Are AppImages affected by the XZ backdoor? #1321
Closed
alex-spataru
started this conversation in
General
Replies: 1 comment 1 reply
-
|
Nope. The runtime uses a really old, hand-picked version of liblzma. Same goes for appimagetool. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thanks for the clarification! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Just yesterday, it was reported that a backdoor was discovered in versions 5.6.0 and 5.6.1 of the xz utils package, as detailed in this Ars Technica article. Considering that most of us developers create AppImages on older distributions, I believe the impact of this vulnerability may be mitigated. However, I also believe that it is better to ask than to assume. In light of this issue, should we review our build mechanisms to ensure the safety of our users? I welcome your thoughts and suggestions on this matter.
Beta Was this translation helpful? Give feedback.
All reactions