Regarding xz-utils backdoor (liblzma5): Right now no Debian stable versions are known to be affected.
Compromised packages were part of the Debian testing, unstable and experimental distributions, with versions ranging from 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. The package has been reverted to use the upstream 5.4.5 code, which we have versioned 5.6.1+really5.4.5-1. Debian #Linux 12/11/10 appears safe. Taken from https://lists.debian.org/debian-security-announce/2024/msg00057.html#infosec#security
