MidnightBSD Developer Journal

There is an xz vulnerability in 5.6.0 and 5.6.1 that was caused by a malicious payload added via a commit.  https://boehs.org/node/everything-i-know-about-the-xz-backdoor

At this time, I am unaware of anything in libarchive that is considered dangerous as mentioned on that website.  MidnightBSD does not use the affected versions of xz in base. We have 5.2.9 right now.

We just released mport 2.6.2; it fixes two bugs with mport list and mport list updates that would cause no output to display.

This has been imported into current and stable/3.1 branches