A new Debian Linux update has been published: XZ-Utils Security Update for Debian Testing
XZ-Utils Security Update for Debian Testing
For both the testing branch and the unstable branch of Debian GNU/Linux, updated versions of the xz-util package are now available. It has been found that the upstream source tarballs for xz-utils, which are compression utilities for the XZ file format, have been compromised and inject malicious code into the liblzma5 library that is produced as a result of the build process. [DSA 5649-1] xz-utils security update