On Fri, Mar 29, 2024 at 07:27:37PM +0000, Martin Dosch wrote: > > > Hi, I'd like to request the backports of xz-utils from bookworm to > > > bullseye. > > > > As long as it's the security fixed 5.6.1+really5.4.5-1 or newer. > > Bookworm has version 5.4.1. The version known to be backdoored have only > been in testing/unstable.
The person apparently responsible for adding the backdoor to xz-utils has been an upstream maintainer of that project for some time. It's worth applying just a bit of additional paranoia around all changes related to that package for now. noah
