Hi everyone,

I recently read through this: 
https://www.openwall.com/lists/oss-security/2024/03/29/4

It sounds like xz 5.6.0 and 5.6.1 are backdoored. Not sure if FreeBSD is or 
not, but it looks like 14-stable and main have xz 5.6.0. In my opinion, earlier 
versions may also be suspect given that this may have been a deliberate 
backdoor from a maintainer.

I propose that we go back to a "known safe" version. It would probably be 
unwise to push 14.1 as-is, as well.

The GitHub repository has currently been locked out.

Hoping that someone more aware of what's going on can offer more insight.

Thanks!

-Henrich
