From e12c7ce6dab9f016b3efdd0a774793865c486b8c Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Fri, 29 Mar 2024 16:14:28 +0000
Subject: profiles: add references to xz-utils mask

See https://www.openwall.com/lists/oss-security/2024/03/29/4.

Bug: https://bugs.gentoo.org/928134
Signed-off-by: Sam James <sam@gentoo.org>
---
 profiles/package.mask | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/profiles/package.mask b/profiles/package.mask
index 9c0a936af421..7abcf6cc3031 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -34,7 +34,9 @@
 #--- END OF EXAMPLES ---
 
 # Sam James <sam@gentoo.org> (2024-03-28)
-# Serious bug which is being investigated. Please downgrade ASAP.
+# Backdoor discovered in release tarballs. DOWNGRADE NOW.
+# https://www.openwall.com/lists/oss-security/2024/03/29/4
+# https://bugs.gentoo.org/928134
 >=app-arch/xz-utils-5.6.0
 
 # Michał Górny <mgorny@gentoo.org> (2024-03-26)
-- 
cgit v1.2.3-65-gdbad