Quote from: Patrick M. Hausen on May 10, 2025, 12:02:49 AMWhat exactly is the security relevant problem with any current version of OPNsense?
Probably nothing, it only affects services that are linked to liblzma and use the lzma_stream_decoder_mt function. After a quick and not representative research (searching for lzma_stream_decoder_mt and comparing the hit count to lzma_stream_decoder on github) the multithreaded variant is hardly used.