GitHub took down xz-utils

[starg2]

Malicious code was discovered in xz-utils and GitHub took down the project page.

• CVE-2024-3094 Detail
• Backdoor in upstream xz/liblzma leading to SSH server compromise
• FAQ on the xz-utils backdoor

Mingw-builds includes xz-utils unless the extra packages are disabled with --no-extras option. We are probably safe because we still use version 5.4.3 and the backdoor only runs on Linux. However, the build currently fails because the project page has been disable by GitHub.

[starg2]

https://github.com/tukaani-project/xz is now available again.