Hacker News new | past | comments | ask | show | jobs | submit login

Rather unlikely. The bad actor never had access to git.tukaani.org, and the sshd version running on that host is:

    SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u3
That is, a stable Debian release. Definitely not one with liblzma5:5.6.x



Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: