Or is there anything going to happen wrt https/TLS?
I, personally, am not convinced of doing this...
In this specific case, any rogue mirror could have still exploited the
hole, and I'd assume there is nothing done to check the trustworthiness
of mirror operators (there's no real way to do
Hmm that's pretty bad then (which is not to be read as blaming you or
anyone else here).
Are there going to be any… "consequences"?
I mean trying to find out whether systems have been compromised is probably
impossible... an attacker could have used this long ago to basically do
everything,
Is there any more detailed evaluation of this hole?
It reads absolutely catastrophic, like secure APT has basically been
broken since 2011,… and if anyone has found that issue before (which one
must assume in the worst case) any code could have been rather easily
introduced in any Debian-based
Hey Julian...
How has this been fixed eventually?
As I proposed, that all available hash algos are verified and if any
fails consider it completely failed,... plus a minimum hash algo (that
is not md5 or sha1 ^^)?
Cheers,
Chris.
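
The policy proposed in the message above (verify every listed hash, treat any mismatch as a complete failure, and require a minimum algorithm that is not MD5 or SHA1), written out as an added example. It is not APT's code and not the fix that was actually applied; the function names, the dict layout of the expected hashes and the choice of SHA256/SHA512 as the minimum are assumptions.

```python
import hashlib
import hmac

# Assumptions of this example: algorithm names and which ones satisfy the
# "minimum hash" rule. MD5 and SHA1 are checked if listed but never suffice.
KNOWN = {"md5", "sha1", "sha256", "sha512"}
STRONG = {"sha256", "sha512"}


class HashCheckError(Exception):
    """Raised when the listed hashes do not fully vouch for the data."""


def digests(data, names=KNOWN):
    """Hex digests of data for each named algorithm (builds sample input)."""
    return {n: hashlib.new(n, data).hexdigest() for n in names}


def verify_all(data, expected):
    """Check data against every listed digest; return the algorithms checked.

    expected: dict of algorithm name -> hex digest (hypothetical layout).
    """
    listed = {n.lower(): d.strip().lower() for n, d in expected.items()}
    unknown = set(listed) - KNOWN
    if unknown:
        # A digest that cannot be checked counts as a failure, not a skip.
        raise HashCheckError("unverifiable algorithms: %s" % sorted(unknown))
    if not STRONG & set(listed):
        raise HashCheckError("no hash at or above the minimum strength")
    for name in sorted(listed):
        actual = hashlib.new(name, data).hexdigest()
        if not hmac.compare_digest(actual, listed[name]):
            raise HashCheckError("%s mismatch" % name)
    return sorted(listed)


if __name__ == "__main__":
    payload = b"constructed sample payload, not a real package"
    print(verify_all(payload, digests(payload)))
    for bad in (digests(payload, {"md5", "sha1"}),
                dict(digests(payload), md5="0" * 32)):
        try:
            verify_all(payload, bad)
        except HashCheckError as err:
            print("rejected:", err)
```
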