Hopefully this does not affect you but if you are running something like Arch, OpenSUSE tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access you should do a full wipe.
Hopefully this does not affect you but if you are running something like Arch, OpenSUSE tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access you should do a full wipe.
That’s not correct as far as I can tell. The backdoored code ended up in release tarballs (but not source tarballs because of
autoconffuckery), see eg. this mailing list discussion.Ah, you’re right. I wasn’t aware they had release tars on GitHub as well