Same story, but this one adds some more details and other links.

  • xlash123@sh.itjust.works
    link
    fedilink
    arrow-up
    19
    ·
    edit-2
    7 months ago

    A backdoor is very distinct from a vanilla vulnerability. Heartbleed was a vulnerability, meaning the devs made a mistake in the code, introducing a method of attack. XZ was backdoored, meaning a malicious actor intentionally introduced a method by which he could exploit systems.

    Both are pretty serious vulnerabilities, but a backdoor, especially introduced so high in the supply chain, would have been devastating had it not been caught so early.