In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package that could potentially compromise SSH logins on Linux systems. The most detailed analysis so far seems to be by [Andres Freund] on the oss-security list.
This is a companion discussion topic for the original entry at https://hackaday.com/2024/03/29/security-alert-potential-ssh-backdoor-via-liblzma/