[Touch-packages] [Bug 1812353] Re: content injection in http method (CVE-2019-3462)

2019-01-23 Thread Christoph Anton Mitterer
Or is there anything going to happen wrt https/TLS? I, personally, am not convinced of doing this... In this specific case, any rogue mirror could have still exploited the hole, and I'd assume there is nothing done to check the trustworthiness of mirror operators (there's no real way to do

[Touch-packages] [Bug 1812353] Re: content injection in http method (CVE-2019-3462)

2019-01-23 Thread Christoph Anton Mitterer
Hmm that's pretty bad then (which is not to be read as blaming you or anyone else here). Are there going to be any… "consequences"? I mean trying to find out whether systems have been compromised is probably impossible... an attacker could have used this long ago to basically do everything,

[Touch-packages] [Bug 1812353] Re: content injection in http method (CVE-2019-3462)

2019-01-22 Thread Christoph Anton Mitterer
Is there any more detailed evaluation of this hole? It reads absolutely catastrophic, like that secure APT is basically broken since 2011,… and if anyone has found that issue before (which one must assume in the worst case) any code could have been rather easily introduced in any Debian based

[Touch-packages] [Bug 1098738] Re: apt-get source only checks md5 hashes in Sources files

2015-11-27 Thread Christoph Anton Mitterer
Hey Julian... How has this been fixed eventually? As I proposed, that all available hash algos are verified and if any fails consider it completely failed,... plus a minimum hash algo (that is not md5 or sha1 ^^)? Cheers, Chris.