Debian on xz-utils: revert to version that does no...

[wooque]

Not really, malicious actor committed to xz project for 2 years, over 700 commits, there could be security issues in stable xz as well.

[babuskov]

Exactly. Per discussion in the link, the safe versions are 5.2.x and earlier. So, Debian 11 (oldstable) is not affected as it runs 5.2.5, but Debian 12 (stable) could have some other backdoor from the same author.