Based on my examination of the package https://juliahub.com/ui/Packages/General/XZ_jll - XZ_jll.jl (v5.6.1+0)
it appears to be connected to a security issue detailed here: https://www.phoronix.com/news/XZ-CVE-2024-3094
- “Some malicious code was added to XZ 5.6.0/5.6.1 that could allow unauthorized remote system access.”
This security issue is probably not critical in Julia in XZ_jll.jl (v5.6.1+0), but could someone check if it could pose a problem?
4 Likes
Work in progress …
check:
$ docker run -it --rm julia:1.11-rc julia
               _
   _       _ _(_)_     |  Documentation: https://docs.julialang.org
  (_)     | (_) (_)    |
   _ _   _| |_  __ _   |  Type "?" for help, "]?" for Pkg help.
  | | | | | | |/ _` |  |
  | | |_| | | | (_| |  |  Version 1.11.0-alpha2 (2024-03-18)
 _/ |\__'_|_|_|\__'_|  |  Official https://julialang.org/ release
|__/                   |
(@v1.11) pkg> add XZ_jll
Installing known registries into `~/.julia`
Updating registry at `~/.julia/registries/General.toml`
Resolving package versions...
Installed JLLWrappers ─ v1.5.0
Installed XZ_jll ────── v5.4.6+0
Installed Preferences ─ v1.4.3
Updating `~/.julia/environments/v1.11/Project.toml`
[ffd25f8a] + XZ_jll v5.4.6+0
Updating `~/.julia/environments/v1.11/Manifest.toml`
[692b3bcd] + JLLWrappers v1.5.0
[21216c6a] + Preferences v1.4.3
[ffd25f8a] + XZ_jll v5.4.6+0
[56f22d72] + Artifacts v1.11.0
[ade2ca70] + Dates v1.11.0
[8f399da3] + Libdl v1.11.0
[de0858da] + Printf v1.11.0
[fa267f1f] + TOML v1.0.3
[4ec0a83e] + Unicode v1.11.0
Precompiling project...
3 dependencies successfully precompiled in 4 seconds. 4 already precompiled.
4 Likes
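The check above shows what a fresh `add XZ_jll` resolves to. As an added example (not code from the thread or from the XZ_jll project), the sketch below looks at what existing environments have already pinned, flagging any manifest that records XZ_jll at the 5.6.0 or 5.6.1 releases named in the linked report. The function names are hypothetical, and the sample manifest is constructed.

```julia
using TOML

# Upstream xz releases the linked report names as carrying the malicious code.
const AFFECTED = (v"5.6.0", v"5.6.1")

# Manifest format 2.0 nests packages under "deps"; older manifests list
# them at the top level.
manifest_packages(m::AbstractDict) =
    haskey(m, "manifest_format") ? get(m, "deps", Dict{String,Any}()) : m

# XZ_jll versions recorded in one parsed manifest.
function xz_versions(manifest::AbstractDict)
    entries = get(manifest_packages(manifest), "XZ_jll", Any[])
    return [VersionNumber(e["version"]) for e in entries if haskey(e, "version")]
end

# JLL versions carry a build suffix (5.6.1+0), so compare only
# major.minor.patch against the upstream release numbers.
is_affected(v::VersionNumber) =
    any(a -> (v.major, v.minor, v.patch) == (a.major, a.minor, a.patch), AFFECTED)

is_manifest(f) = endswith(f, "Manifest.toml") ||
                 (startswith(f, "Manifest-v") && endswith(f, ".toml"))

# Scan every manifest under <depot>/environments for affected pins.
# Project-local manifests elsewhere on disk are not covered.
function scan_depots(depots = DEPOT_PATH)
    hits = Tuple{String,VersionNumber}[]
    for depot in depots
        envdir = joinpath(depot, "environments")
        isdir(envdir) || continue
        for (root, _, files) in walkdir(envdir), f in files
            is_manifest(f) || continue
            path = joinpath(root, f)
            for v in xz_versions(TOML.parsefile(path))
                is_affected(v) && push!(hits, (path, v))
            end
        end
    end
    return hits
end

# Constructed sample manifest, to exercise the format 2.0 layout offline.
sample = TOML.parse("""
manifest_format = "2.0"
[[deps.XZ_jll]]
version = "5.6.1+0"
""")
@assert all(is_affected, xz_versions(sample))
@assert !is_affected(v"5.4.6+0")   # the version installed in the session above

foreach(h -> println(h[2], "  ", h[1]), scan_depots())
```

A hit only means the manifest pins a build derived from one of those upstream releases. Whether that build is actually a problem is the question the thread is asking.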
Related Julia code (by GitHub search)
1 Like