Was I exposed to xz backdoor?

I upgraded to f40 beta a week ago and i did not know about xz backdoor but now i know i checked my system and looks like i was safe can someone who is more technical review my tests i have pasted them below

fedora:~$ rpm -qi xz
Name : xz
Epoch : 1
Version : 5.4.6
Release : 3.fc40
Architecture: x86_64
Install Date: Fri 05 Apr 2024 10:36:08 AM IST
Group : Unspecified
Size : 2069923
License : GPLv2+ and Public Domain
Signature : RSA/SHA256, Fri 29 Mar 2024 04:00:43 AM IST, Key ID 0727707ea15b79cc
Source RPM : xz-5.4.6-3.fc40.src.rpm
Build Date : Fri 29 Mar 2024 03:29:10 AM IST
Build Host : buildhw-x86-08.iad2.fedoraproject.org
Packager : Fedora Project
Vendor : Fedora Project
URL : XZ Utils
Bug URL : https://bugz.fedoraproject.org/xz
Summary : LZMA compression utilities
Description :
XZ Utils are an attempt to make LZMA compression easy to use on free (as in
freedom) operating systems. This is achieved by providing tools and libraries
which are similar to use than the equivalents of the most popular existing
compression algorithms.

LZMA is a general purpose compression algorithm designed by Igor Pavlov as
part of 7-Zip. It provides high compression ratio while keeping the
decompression speed fast.

fedora:~$ dnf history info xz | grep xz
Upgrade xz-1:5.4.6-3.fc40.x86_64 fedora
Upgraded xz-5.4.4-1.fc39.x86_64 System
Upgrade xz-devel-1:5.4.6-3.fc40.x86_64 fedora
Upgraded xz-devel-5.4.4-1.fc39.x86_64 System
Upgrade xz-libs-1:5.4.6-3.fc40.x86_64 fedora
Upgraded xz-libs-5.4.4-1.fc39.x86_64 System
Upgrade xz-lzma-compat-1:5.4.6-3.fc40.x86_64 fedora
Upgraded xz-lzma-compat-5.4.4-1.fc39.x86_64 System
Upgrade xz-5.4.4-1.fc39.x86_64 fedora
Upgraded xz-5.4.1-1.fc38.x86_64 System
Upgrade xz-devel-5.4.4-1.fc39.x86_64 fedora
Upgraded xz-devel-5.4.1-1.fc38.x86_64 System
Upgrade xz-libs-5.4.4-1.fc39.x86_64 fedora
Upgraded xz-libs-5.4.1-1.fc38.x86_64 System
Upgrade xz-lzma-compat-5.4.4-1.fc39.x86_64 fedora
Upgraded xz-lzma-compat-5.4.1-1.fc38.x86_64 System
Upgrade xz-5.4.1-1.fc38.x86_64 fedora
Upgraded xz-5.4.1-1.fc37.x86_64 System
Upgrade xz-libs-5.4.1-1.fc38.x86_64 fedora
Upgraded xz-libs-5.4.1-1.fc37.x86_64 System
Upgrade xz-lzma-compat-5.4.1-1.fc38.x86_64 fedora
Upgraded xz-lzma-compat-5.4.1-1.fc37.x86_64 System
Upgrade xz-5.4.1-1.fc37.x86_64 updates
Upgraded xz-5.2.5-9.fc35.x86_64 System
Upgrade xz-libs-5.4.1-1.fc37.x86_64 updates
Upgraded xz-libs-5.2.5-9.fc35.x86_64 System
Upgrade xz-lzma-compat-5.4.1-1.fc37.x86_64 updates
Upgraded xz-lzma-compat-5.2.5-9.fc35.x86_64 System
Upgrade xz-5.2.5-9.fc35.x86_64 updates
Upgraded xz-5.2.5-7.fc35.x86_64 System
Upgrade xz-libs-5.2.5-9.fc35.x86_64 updates
Upgraded xz-libs-5.2.5-7.fc35.x86_64 System
Install xz-5.2.5-7.fc35.x86_64 anaconda
Install xz-libs-5.2.5-7.fc35.x86_64 anaconda

fedora:~$ strings which xz | grep ‘5.6.[01]’

fedora:~$ which xz
/usr/bin/xz

fedora:~$ dnf history xz
ID | Command line | Date and time | Action(s) | Altered

60 | system-upgrade upgrade                                  | 2024-04-05 10:35 | C, D, E, I, O, | 2470 E<
50 | system-upgrade upgrade                                  | 2023-09-28 20:49 | C, D, E, I, O, | 2364 ><

i have to remove @ bcoz my post was not posting

I would have to research to verify, but AFAIK only F40 (and maybe rawhide) were affected by that malware, and it was the 5.6.0 version that contained it. Your logs do not show that version anywhere so you should be safe.

I saw it installed with an update done on 3/25 on my VM testbed for f40 and removed it as soon as it was reported.

You never had the bad version on the system. At the time you ran the update, it was already fixed by downgrading to the latest good version.

tnx buddy

tnx buddy