Gentoo Linux Security Advisory 202403-4 - A backdoor has been discovered in XZ utils that could lead to remote compromise of systems. Versions less than 5.6.0 are affected.
5f842a94bf5c0b3dfd7216f05ebba3dbaab462828954555770b288dbf1f50b84
It has been discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library. Included in this archive are not only the advisory but additional data and a testing script to see if you're affected.
24e782ee2711640bef44e50dae3e4bd40c2ec8ddbbf87dbc1461e7d4aa22e1db
Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.
a36f16841d48439de0dca87969734d17803a93009098f4ca6fe3dd1c574bdc99