Do you know the exploit was detected in Debian Sid? (by a PostgreSQL
developer), Arch got the update (with both compromised versions), but because don’t directly link openssh
to liblzma
(as Debian), and thus this attack vector is not possible.
Also, other rolling distros also got the compromised versions, maybe: openSUSE Tumbleweed, Endeavour OS, Fedora Rawhide, Slackware -current, etc.
Works with Chromecast 2 (no Android)?