shunsock

<h2 id="about">
<a class="header-anchor-link" href="#about" aria-hidden="true"></a> About</h2>
<p>xzの脆弱性が発見されたので対応した</p>
<blockquote>
<p>Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.</p>
</blockquote>
<p>reference: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-3094" target="_blank" rel="nofollow noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2024-3094</a></p>
<h2 id="check-version-of-xz">
<a class="header-anchor-link" href="#check-version-of-xz" aria-hidden="true"></a> Check Version of XZ</h2>
<p>調べたところ，私は問題となった<code>5.6.x</code>系を使っていなかった．</p>
<div class="code-block-container"><pre class="language-bash"><code class="language-bash">shunsuke.tsuchiya <span class="token keyword">in</span> ~ λ xz <span class="token parameter variable">--version</span>
xz <span class="token punctuation">(</span>XZ Utils<span class="token punctuation">)</span> <span class="token number">5.4</span>.5
liblzma <span class="token number">5.4</span>.5
</code></pre></div><h2 id="pin-software-version-with-brew">
<a class="header-anchor-link" href="#pin-software-version-with-brew" aria-hidden="true"></a> Pin Software Version with Brew</h2>
<p>よって以下の方法でバージョンを固定し，brew upgradeに巻き込まれないようにした．</p>
<div class="code-block-container"><pre class="language-bash"><code class="language-bash">brew pin xz
brew list <span class="token parameter variable">--pinned</span>
// xz
</code></pre></div>

<h2 id="how-to-pin-software-version-with-brew">
<a class="header-anchor-link" href="#how-to-pin-software-version-with-brew" aria-hidden="true"></a> How to Pin Software Version with Brew</h2>
<div class="code-block-container"><pre class="language-bash"><code class="language-bash">brew pin // pin software version
brew unpin // remove pin
brew list <span class="token parameter variable">--pinned</span>  // checking
</code></pre></div>