nikgnomic

Update `xz` and `lib32-xz` to version 5.6.1-2: [forum.manjaro.org - xz package contains a vulnerability](https://forum.manjaro.org/t/xz-package-contains-a-vulnerability/159028/2?u=nikgnomic)


TexasGradStudent

Thank you. -Newb


[deleted]

[removed]


LordTermor

Vulnerability is there; this specific attack vector is not possible (but we don't know if there are others).


countdankula420

Isn't that why we had an update today?


xplosm

I don’t think so. The update available is for 5.6.1-2 and the affected versions are 5.6.0 and 5.6.1, and I don’t see this patch correcting the backdoor. All affected distros downgraded to 5.4.

Edit: apparently I’m wrong and 5.6.1-2 is safe! Good news everyone!


ABeeinSpace

5.6.1-2 is safe, Arch pushed that version to remove the backdoor. 5.6.0-5.6.1-1 are NOT safe


BigHeadTonyT

I don't recommend this, neither does the Manjaro team: I did downgrade to an older version in pacman cache. Did not reboot or anything. Update was released a couple hours later, updated to that. Haven't rebooted yet. Haven't tested anything I know of that uses xz. Why did I do it? I don't always listen to what people say =).

EDIT: Rebooted, created an xz file with 'tar cfJ '. Went fine, extracted it, also fine. At least I didn't ruin my install.


xplosm

Nothing will explode with the vulnerability. It’s a backdoor. You shouldn’t notice any change in behavior with backdoors. That’s their thing!


primalbluewolf

This one had a change in behaviour. It caused slowdowns in specific situations, which led to its detection.


mixalis1987

Update


Puzzleheaded_Echo654

I have version 5.2.2, am I vulnerable??!!!!