[$] How the XZ backdoor works

Versions 5.6.0 and 5.6.1 of theXZcompression utility and librarywere shipped with a backdoor that targetedOpenSSH.Andres Freunddiscovered the backdoor bynoticing that failed SSH logins were taking a lot ofCPU time while doing somemicro-benchmarking, and tracking down the backdoor from there. It was introducedby XZ co-maintainer "Jia Tan" - a probable alias for person or persons unknown.The backdoor is a sophisticated attack with multiple parts, from the buildsystem, to link time, to run time.