Re: Security lessons from liblzma
Thomas Munro <thomas.munro@gmail.com>
From: Thomas Munro <thomas.munro@gmail.com>
To: Bruce Momjian <bruce@momjian.us>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2024-03-29T22:48:35Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Introduce a non-recursive JSON parser
- 3311ea86edc7 17.0 cited
On Sat, Mar 30, 2024 at 11:37 AM Bruce Momjian <bruce@momjian.us> wrote: > You might have seen reports today about a very complex exploit added to > recent versions of liblzma. Fortunately, it was only enabled two months > ago and has not been pushed to most stable operating systems like Debian > and Ubuntu. The original detection report is: > > https://www.openwall.com/lists/oss-security/2024/03/29/4 Incredible work from Andres. The attackers made a serious strategic mistake: they made PostgreSQL slightly slower.