Whomp whomp
*Doesn't appear to be incorporated into Asuswrt-Merlin. 5.4.6-1 xz is a entware however “Some malicious code was added to XZ 5.6.0/5.6.1 that could allow unauthorized remote system access.”
Earlier versions should be safe however xz utils upstream should not be trusted until further security research is done and the backdoor is patched.
Last edited: