#Python bundles xz v5.2.5 and earlier which don't contain the backdoored binary files. #PyPI is also not affected due to using Debian Bookworm, not Sid.
Querying PyPI packages and Python Dockerhub images doesn't show any xz 5.6.x binaries.
From what I've gathered from others, the backdoor appears to target sshd (SSH server) on glibc-based distros, so if you're using Ubuntu or Fedora check that you aren't affected.
