This #xz backdoor is tracked as CVE-2024-3094 and this CVE was opened by #RedHat. You can find our data on this at https://access.redhat.com/security/cve/CVE-2024-3094 If you search for "CVE-2024-3094" with the search engine of your choice you will find a growing list of references (and clickbait stories) of which https://nvd.nist.gov/vuln/detail/CVE-2024-3094 is a bit more relevant as it contains a long list of links to more news and background. The thread that started it all is at https://www.openwall.com/lists/oss-security/2024/03/29/4
I will let this tread rest for a while, as IMHO (In My Humble Opinion) everything we know ATM (At This Moment) is documented in the links I provided and besides making sure our machines have been updated (more precise: downgraded the xz package) there is not much we can do. I will NOT participate in speculations and potentially harmful spreading of rumours. And now I will be taking care of other things on this beautiful day. Thank you all for taking your time to read and comment!