Hello and welcome.
https://cdimage.debian.org/cdimage/weekly-builds/amd64/
As you can see, as of 2024-03-07 it is not possible to build the current
amd64 (weekly-builds) Debian testing image.
However, the available ISO image (according to:
https://cdimage.debian.org/cdimage/weekly-builds/amd64/list-dvd/debian-testing-amd64-DVD-1.list.gz)
contains the files:
xz-utils_5.6.0-0.2_amd64.deb
liblzma5_5.6.0-0.2_amd64.deb
liblzma5-udeb_5.6.0-0.2_amd64.udeb
liblzma-dev_5.6.0-0.2_amd64.deb
These files are vulnerable and inject malicious code at compile time
(CVE-2024-3094).
Therefore, shouldn't these images be removed?
P.S.
I know there is a 'Valid-Until:' in '/dists/trixie/Release' in the ISO
image, but changing this is no problem.
