current fedora release may be hit too
hugops to every damage control party and home sysadmin with too many fedora and Debian based unstable/prerelease machines
(may effect more than that)
there's a script to detect it in the email thread
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.
