Do you know the exploit was detected in Debian Sid? (by a PostgreSQL developer), Arch got the update (with both compromised versions), but because don’t directly link openssh to liblzma (as Debian), and thus this attack vector is not possible.
Also, other rolling distros also got the compromised versions, maybe: openSUSE Tumbleweed, Endeavour OS, Fedora Rawhide, Slackware -current, etc.
Do you know the exploit was detected in Debian Sid? (by a
PostgreSQL
developer), Arch got the update (with both compromised versions), but because don’t directly linkopenssh
toliblzma
(as Debian), and thus this attack vector is not possible.Also, other rolling distros also got the compromised versions, maybe: openSUSE Tumbleweed, Endeavour OS, Fedora Rawhide, Slackware -current, etc.