Incorrect: the backdoored version was originally discovered by a Debian sid user on their system, and it presumably worked. On arch it’s questionable since they don’t link sshd with liblzma (although some say some kind of a cross-contamination may be possible via a patch used to support some systemd thingy, and systemd uses liblzma). Also, probably the rolling opensuse, and mb Ubuntu. Also nixos-unstalbe, but it doesn’t pass the argv[0] requirements and also doesn’t link liblzma. Also, fedora.
Incorrect: the backdoored version was originally discovered by a Debian sid user on their system, and it presumably worked. On arch it’s questionable since they don’t link
sshdwithliblzma(although some say some kind of a cross-contamination may be possible via a patch used to support some systemd thingy, and systemd usesliblzma). Also, probably the rolling opensuse, and mb Ubuntu. Also nixos-unstalbe, but it doesn’t pass theargv[0]requirements and also doesn’t linkliblzma. Also, fedora.Btw, https://security.archlinux.org/ASA-202403-1
Sid was that dickhead in Toystory that broke the toys.
If you’re running debian sid and not expecting it to be a buggy insecure mess, then you’re doing debian wrong.