<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><span style="font-family: Menlo-Regular;" class="">Recently, a backdoor </span>[1]<span style="font-family: Menlo-Regular;" class=""> was discovered in the xz compression library. </span><span style="font-family: Menlo-Regular;" class="">xz/liblzma </span>[2] <font face="Menlo-Regular" class="">are packaged by the OpenCSW project and various other packages are depending on the liblzma library </font>[3]. <div class=""><br class=""></div><div class="">I have released today the version <font face="Menlo-Regular" class="">5.6.0r529 to the repository, which is based on the 5.2.9. This is the last release before Jian Tian got active in the xz project </font>[4]<span style="font-family: Menlo-Regular;" class=""> (Thanks to Jeffrey Walton for the hint). Be aware that the 5.2.9 release might contain other security related issues. </span></div><div class=""><span style="font-family: Menlo-Regular;" class=""><br class=""></span></div><div class=""><font face="Menlo-Regular" class="">The downgrade might break ABIs to other packages and we are currently verifying, if any packages are affected by the downgrade.</font></div><div class=""><font face="Menlo-Regular" class=""><br class=""></font></div><div class=""><font face="Menlo-Regular" class="">I am constantly monitoring the current development about xz and I will update the package accordingly.</font></div><div class=""><div class=""><span style="font-family: Menlo-Regular;" class=""><br class=""></span></div><div class="">[1] <a href="https://www.openwall.com/lists/oss-security/2024/03/29/4" class="">https://www.openwall.com/lists/oss-security/2024/03/29/4</a></div><div class="">[2] <a href="https://www.opencsw.org/packages/CSWxz/" class="">https://www.opencsw.org/packages/CSWxz/</a></div><div class="">[3] <a href="https://www.opencsw.org/packages/liblzma5/" style="font-family: Menlo-Regular;" class="">https://www.opencsw.org/packages/liblzma5/</a></div><div class="">[4] <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024#5" class="">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024#5</a></div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Regards</div><div class=""><br class=""></div><div class="">Ihsan</div></body></html>