Is there any more detailed evaluation of this hole? It reads absolutely catastrophic, like that secure APT is basically broken since 2011,… and if anyone has found that issue before (which one must assume in the worst case) any code could have been rather easily introduced in any Debian based system, from end users to DDs.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1812353 Title: content injection in http method (CVE-2019-3462) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
