guenther, 2 months ago German So, it appears the #Rust ecosystem may be hit by the #xz backdoor as well, since the #liblzma bundles xz 5.6.0 and they even had a major/breaking update within the last month specifically to upgrade to the now known-to-be-corrupted version. https://crates.io/crates/liblzma-sys/versions (not linking github because the repo contents might get manipulated, but they're vendoring xz in there) Edit: The xz2 crate seems to be much more popular throughout the ecosystem though, and appears to use a xz 5.2.0.
So, it appears the #Rust ecosystem may be hit by the #xz backdoor as well, since the #liblzma bundles xz 5.6.0 and they even had a major/breaking update within the last month specifically to upgrade to the now known-to-be-corrupted version.
https://crates.io/crates/liblzma-sys/versions
(not linking github because the repo contents might get manipulated, but they're vendoring xz in there)
Edit: The xz2 crate seems to be much more popular throughout the ecosystem though, and appears to use a xz 5.2.0.
