You must log in or # to comment.
They mention versions from 5.5.1 are affected.
Everywhere else I’ve read only 5.6.0 and 5.6.1 are.
Is this an abundance of caution by the Debian security team, or is Debian’s earlier version affected due to patching done by the package maintainers?
Good question. Maybe it has to do with the fact that the backdoor contributor was on the xz project for about two years.
Yep. All distros are rolling-back to before JiaT75 was involved.