mastodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance, open to everyone, but mainly English and French speaking.

Administered by:

Server stats:

864
active users

It looks like I already had #xz 5.6.1 on my Mac. Downgrade was already pushed into brew. Luckily, the code is only activated on x86_64 and Linux OS IIUC.

But to put things into perspective, FreeBSD does use the same library. Playstation OS is based off FreeBSD as well as ton of other things. Not that PS5 runs sshd or anything, just saying.

Garrett LeSage

@lzap The compromised xz was included in a Microsoft C++ tool too.

github.com/microsoft/vcpkg/iss

It's used not just on Linux, but also on macOS and Windows.

It makes me wonder how much of stuff like this is already out there "in the wild", especially in proprietary software (including permissive FOSS that was absorbed or relicensed), where people aren't auditing as much.

GitHubliblzma port uses compromised version · Issue #37839 · microsoft/vcpkgBy marekr