If you are running Debian testing or sid, or Fedora 41 or Rawhide, you may have a backdoored liblzma
Original report: oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
Red Had advisory: Urgent security alert for Fedora Linux 40 and Fedora Rawhide users
Debian advisory: [SECURITY] [DSA 5649-1] xz-utils security update
If you know any other distributions that use .deb or .rpm packages, and have shipped xz or liblzma versions 5.5.* or 5.6.*, include information in the comments