by tetha 771 days ago
>"openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma. Arch does not directly link openssh to liblzma", so at least one of your examples is wrong. That specific vulnerability was not in Arch.

This is such a weird formulation though, because "other distributions" apparently included insignificant parts of the Linux landscape like Fedora (i.e. the testing variant of the Red Hat world) and SUSE.

And if the three largest upstream distris in the Linux world have this mistake, calling that "Well some distris, but screw mostly Debian" doesn't sound like a strong point.

1 comment

I wasn't claiming Debian were somehow singularly at fault, the poster just specifically said Arch was also vulnerable, which wasn't true.