@TheBlueMatt (Matt Corallo) on Twitter: "Looks like someone managed to get a backdoor into ssh in Fedora and Debian testing. Patch systems ASAP."
https://openwall.com/lists/oss-security/2024/03/29/4
older package xz-5.4.6 is available from arch archives
https://archive.archlinux.org/packages/x/xz/
