profiles: add references to xz-utils mask

See https://www.openwall.com/lists/oss-security/2024/03/29/4. Bug: https://bugs.gentoo.org/928134 Signed-off-by: Sam James <sam@gentoo.org>
author: Sam James <sam@gentoo.org> 2024-03-29 16:14:28 +0000
committer: Sam James <sam@gentoo.org> 2024-03-29 16:14:53 +0000
commit: e12c7ce6dab9f016b3efdd0a774793865c486b8c (patch)
tree: db5279c5a217054b839792495adfd256f8b50d96
parent: dev-python/sip: enable tests (diff)
download: gentoo-e12c7ce6dab9f016b3efdd0a774793865c486b8c.tar.gz
gentoo-e12c7ce6dab9f016b3efdd0a774793865c486b8c.tar.bz2
gentoo-e12c7ce6dab9f016b3efdd0a774793865c486b8c.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/profiles/package.mask b/profiles/package.mask
index 9c0a936af421..7abcf6cc3031 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -34,7 +34,9 @@
 #--- END OF EXAMPLES ---
 
 # Sam James <sam@gentoo.org> (2024-03-28)
-# Serious bug which is being investigated. Please downgrade ASAP.
+# Backdoor discovered in release tarballs. DOWNGRADE NOW.
+# https://www.openwall.com/lists/oss-security/2024/03/29/4
+# https://bugs.gentoo.org/928134
 >=app-arch/xz-utils-5.6.0
 
 # Michał Górny <mgorny@gentoo.org> (2024-03-26)
author	Sam James <sam@gentoo.org>	2024-03-29 16:14:28 +0000
committer	Sam James <sam@gentoo.org>	2024-03-29 16:14:53 +0000
commit	e12c7ce6dab9f016b3efdd0a774793865c486b8c (patch)
tree	db5279c5a217054b839792495adfd256f8b50d96
parent	dev-python/sip: enable tests (diff)
download	gentoo-e12c7ce6dab9f016b3efdd0a774793865c486b8c.tar.gz gentoo-e12c7ce6dab9f016b3efdd0a774793865c486b8c.tar.bz2 gentoo-e12c7ce6dab9f016b3efdd0a774793865c486b8c.zip