Backdoor in upstream xz/liblzma leading to SSH server compromise

[YetAnotherNick]

I am not completely sure about this exploit, but seems like a binary needed to be modified for the exploit to work[1] which was later picked up by build system.

https://github.com/tukaani-project/xz/commit/6e636819e8f0703...

[ok123456]

The binary was an xz test file that contained a script that patched the c-code.