Hacker Times
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
0fflineuser
24 days ago
|
parent
|
context
|
favorite
| on:
Shai-Hulud Themed Malware Found in the PyTorch Lig...
The nixpkg from unstable seems to be infected as it s 2.6.2
https://search.nixos.org/packages?channel=unstable&include_h...
minkowski
24 days ago
[–]
Nixpkgs uses the GitHub source, not the PyPI dist, for lightning; unclear to me from the advisory whether this should also be considered compromised.
andymcsherry
24 days ago
|
parent
|
next
[–]
Andy from Lightning here. Thanks for pointing that out, we are updating the CVE. Only the versions from PyPi were affected. The malicious code was not checked into the GitHub repository
deforciant
24 days ago
|
parent
|
prev
[–]
github is fine, the package was only pushed into pypi directly
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
