I noticed the CVE for xz while updating (the CVE was created just hours before), so I reverted to an older version just in case. There are several factors which would have made the backdoor not work in Sailfish (based on current information): we don’t use patched openssh, the architectures affected are rare or non-existent for Sailfish, and most importantly we build xz from git, and since one of the critical parts for enabling the backdoor is only in the release tarball, it wouldn’t have been enabled.
"I have no trust in the new business owners yet" - I follow your position.
Meanwhile, did you review 4.6 and do you find it interesting (new EULA, bug fixes, especially on Xperia 10 III)?
I updated my Xperia XA2, everything seemed to work, but I didn’t use it for long and only without SIM. On my main device Xperia 10 III, I still didn’t do the update. I don’t notice the small bugs that may have been fixed.
              
              