Since there's been some discussion about versions, the version in my xz-unscathed git repository is the same as xz 5.3.2alpha, with the addition of a fix for CVE-2022-1271 that did not make it into that version. (It was fixed in 5.2.6, but 5.3.2alpha was diverged from 5.2.5. Jia Tan was involved in 5.2.6.)
5.2.5 might be a more stable version to revert to; it also predates Jia Tan's involvement. The CVE-2022-1271 fix would need to be included. Note that erofs-utils apparently had a reason to need the 5.3.2alpha release, so reverting to 5.2.5 would probably cause difficulty with that package. That dependency versioning information is not included in the debian sources for erofs-utils BTW. I have not checked compatability with other packages except for dpkg. -- see shy jo
signature.asc
Description: PGP signature