Hmm that's pretty bad then (which is not to be read as blaming you or anyone else here).
Are there going to be any… "consequences"? I mean trying to find out whether systems have been compromised is probably impossible... an attacker could have used this long ago to basically do everything, from silently taking over end user systems to secretly injecting code in development repos. Sure one can argue that this might have been noticed - but it also might have been not. But is there a chance to e.g. get full audits of apt done by security experts? I'd assume that aptitude was also fully affected by this, right? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1812353 Title: content injection in http method (CVE-2019-3462) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
