ChanTsune
commented
5 months ago @amousset Thank you for letting us know! We'll be keeping an eye on this matter!
Closed amousset closed 5 months ago
ChanTsune
commented
5 months ago @amousset Thank you for letting us know! We'll be keeping an eye on this matter!
See https://www.openwall.com/lists/oss-security/2024/03/29/4
This library is very likely not impacted as it does not use the tarball which contains the backdoor activation but directly the git repository as a submodule, but it might be worth considering a downgrade to 5.4.6 as a safety measure.