liblzma/xz  does Not Affect deepin OS (All Versions)

liblzma/xz does Not Affect deepin OS (All Versions)

Recently, after the disclosure of security vulnerabilities in the open source software liblzma/xz versions 5.6.0 and 5.6.1, deepin has completed a check of all its products and confirmed that all versions of the deepin operating system are not affected by the vulnerabilities, so please feel free to use them. Vulnerability Description: A backdoor program has been discovered in the upstream code of xz versions 5.6.0 and 5.6.1, which modifies the compilation result by adding test binary data, and then extracting the contents of said data in the compilation script. Initial research has shown that the generated code hooks into OpenSSH's ...Read more