The xz package that has already entered the current F40 pre-release versions/variants and rawhide contains malicious code. This does NOT affect users of the Fedora releases (F38, F39 are thus not affected), but all users who use already F40 pre-release versions/variants or rawhide shall read this: Article: CVE details: https://access.redhat.com/security/cve/CVE-2024-3094 Be aware that this is CVE criticality 10: this is the highest risk factor. Also be aware that the header of the RH arti...
Im not irritated, im saying that your logic is flawed, stop using some software piece due to a vulnerability is at least dumb, every software will have at least one, open source or not, we are humans, we commit errors, example: the SMB vulnerability that allowed the quick spread of WannaCry in 2017, and that was on Windows, and actually we are lucky that this happened on open source software and not in some big corporation privative software, if that was the case, we wouldnt be able to know about the backdoor until a large cyberattack happened