Recently, a backdoor was discovered in the xz compression library. XZ/liblzma are included as part of NetBSD and used by the project for distribution of new releases and packages. The version of xz shipped in all stable (and unstable) versions of NetBSD predates any code changes by the author of the backdoor. NetBSD is therefore safe and unaffected by the recent discoveries.
