Right now no Debian stable versions are known to be affected.
Compromised packages were part of the Debian testing, unstable and
experimental distributions, with versions ranging from 5.5.1alpha-0.1
(uploaded on 2024-02-01), up to and including 5.6.1-1. The package has
been reverted to use the upstream 5.4.5 code, which we have versioned
5.6.1+really5.4.5-1.
Users running Debian testing and unstable are urged to update the
xz-utils packages.
For the detailed security status of xz-utils please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/xz-utils
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Get the latest Linux and open source security news straight to your inbox.