-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix xz submodule url: the GitHub mirror was banned due to CVE-2024-3094 #8304
Conversation
The current xz version is 5.4.4 which is not affected by CVE-2024-3094
30132f5
to
95a2577
Compare
@directionless, I fixed xz submodule url that was banned on GitHub due to recent CVE. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is okay. (I think the old code was okay too, but that repo is gone now)
IIRC we moved to github because tukaani.org was having outages.
@Smjert, can we merge it to fix build? |
NOTE: I merged in spite of the failure since it was unrelated (the macOS step failing due to failing to install python dependencies we need). |
Hello, It will be soon a new release with this fix included? |
We discussed this briefly in office hours today. First, we were wondering if building Second, we observed that |
Hello, Thank you for the reply.
Thanks, in this case my question it is not relevant anymore, builds from any (recent) tag should work, we don't need to include/cherry pick this commit. |
The current xz version is 5.4.4 which is not affected by CVE-2024-3094