_Please_ do not advise people to run `xz --version` or similar to check whether they're affected or not.
Right now, as far as I know, the analysis of the obfuscated malware is far from complete. There may be other triggers. There may be malware in older versions, because the attacker had commit access for years.
By running xz and asking it for its version, you're _running_ what could be more malware.
Instead, ask the system's package manager which version of xz is currently installed.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.