You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current distribution (v0.3.2) on Crates.io contains the test files for xz that contain the backdoor. The test files themselves are not included in either the .tar.gz nor the .zip tags here on Github and are only present in liblzma-sys_0.3.2.crate that is installed from Crates.io.
The current distribution (v0.3.2) on Crates.io contains the test files for
xz
that contain the backdoor. The test files themselves are not included in either the.tar.gz
nor the.zip
tags here on Github and are only present inliblzma-sys_0.3.2.crate
that is installed from Crates.io.The hashes for these files are as follows:
liblzma-sys-0.3.2/xz/tests/files/bad-3-corrupt_lzma2.xz
ecda10d8877d555dbda4a4eba329e146b2be8ac4b7915fb723eaacc9f89d16bd
liblzma-sys-0.3.2/xz/tests/files/good-large_compressed.lzma
9aef898229de60f94cdea42f19268e6e3047f7136f2ff97510390a2deeda7032
It remains to be seen if these are executed in any way. Still, it seems prudent to not ship these files if it can be avoided.
The text was updated successfully, but these errors were encountered: