<jaeger>
I have read about it a bit and I don't think we're affected since we don't link with systemd/xz/lzma... but I could be wrong
<tilman>
only builds done where debian/rules exists or where RPM_ARCH is set to x86_64 or something seem to be affected. let me find the link that claims so
<jaeger>
Yeah, saw that as well in the original mail to oss-security
<tilman>
this ifunc feature seems to be an optimization that speeds up calls into crc via function pointers, but it might lead to vulnerable code(?)
<jaeger>
I'm not 100% sure we could trust older tarballs since they're hosted at the same place... but I don't find the bad-3-corrupt_lzma2.xz archive in them either
<jaeger>
So maybe disabling ifunc and downgrading to 5.4.x would be a good idea for the short term?
<jaeger>
Looks like 5.4.x doesn't have the ifunc switch anyway