On March 30th, 2024, the discovery of an backdoor in XZ Utils / liblzma specifically targeting the SSH process was announced and assigned CVE-2024-3094. RSAS is unaffected by the scope of the security issue known to date. We investigated this vulnerability because some versions of RSAS depended on liblzma, but not on any version known to be backdoored.
We will update this post and notify our mailing list if the status changes.
For more details, please read our mailing list announcement.