Diffstat (limited to 'tools/macos-setup.sh')
-rwxr-xr-xtools/macos-setup.sh8
1 files changed, 8 insertions, 0 deletions
diff --git a/tools/macos-setup.sh b/tools/macos-setup.sh
index ec25bf7..0017ffc 100755
--- a/tools/macos-setup.sh
+++ b/tools/macos-setup.sh
@@ -62,6 +62,14 @@ fi
# XXX: tar, since macOS 10.9, can uncompress xz'ed tarballs,
# so perhaps we could get rid of this now?
#
+# DO NOT UPDATE THIS TO A COMPROMISED VERSION; see
+#
+# https://www.openwall.com/lists/oss-security/2024/03/29/4
+#
+# https://access.redhat.com/security/cve/CVE-2024-3094
+#
+# https://nvd.nist.gov/vuln/detail/CVE-2024-3094
+#
XZ_VERSION=5.2.5
#