by
0fflineuser
54 days ago
The nixpkg from unstable seems to be infected, as it's 2.6.2
https://search.nixos.org/packages?channel=unstable&include_h...
1 comments
minkowski
54 days ago
Nixpkgs uses the GitHub source, not the PyPI dist, for lightning; unclear to me from the advisory whether this should also be considered compromised.
andymcsherry
54 days ago
Andy from Lightning here. Thanks for pointing that out, we are updating the CVE. Only the versions from PyPI were affected. The malicious code was not checked into the GitHub repository.
deforciant
54 days ago
GitHub is fine; the package was only pushed into PyPI directly.