FreeBSD not affected by xz backdoor

  1. All supported FreeBSD releases include versions of xz that predate the affected releases.
  2. The main, stable/14, and stable/13 branches do include the affected version (5.6.0), but the backdoor components were excluded from the vendor import.
  3. FreeBSD does not use upstream’s build tooling, which was a required part of the attack. The attack also specifically targeted x86_64 Linux systems using glibc.
  4. The FreeBSD ports collection does not include xz/liblzma.

https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html
