Aoups, si ça se vérifie, c'est un SACRÉ problème
Le CVE: CVE-2024-3094 avec un impressionnant
Base Score: 10.0 CRITICAL
En résumé:
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
En pratique: tous les officiers de sécurités du Monde doivent être en mode "transpirtion", level FORT !