Just a quick heads up for folks that like to stay aware of these things.
https://www.openwall.com/lists/oss-security/2024/03/29/4
The discussion there well explains the situation, and why you're likely not at risk (the code wasn't widely in use yet).
"Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by linux distributions, and where they have, mostly in pre-release versions."
So, if you can benefit from reading a thorough discussion of Linux code in upstream tarballs, and have considered running - or have run - some pre-release Debian lately, you should have a looksee so you know who to craft a voodoo doll of and torment with pins under their fingernails, or at least which code not to run.
I'm really happy Linux is open source, and good honest people forthrightly discuss it.
Just think if the CIA was open source, and anyone good or honest was involved, how much better a place the world would be.
Edit: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
re-Edit: https://hachyderm.io/@danderson/112185746000358589
New discoveries.
re-re-Edit: https://gynvael.coldwind.pl/?lang=en&id=782
Discussion of the obfuscation, which is pretty interesting, and how the sploit functions.