Has the apt security issue been resolved in the latest iso image?
Hello all! Is downloading the Trisquel 8.0 LTS Flidas 2.5GB Live DVD iso image relatively safe from the DSA-4371 apt bug now?
In other words, if we were to do a new installation of Trisquel, and then run the "#sudo apt-get update && sudo apt-get upgrade" commands after installing Trisquel to the HDD, would that be safe from the DSA-4371 bug?
I have heard that apt got fixed for Debian. Source: https://www.debian.org/News/2019/20190123
I hope the iso image of Trisquel's apt is fixed, or will be fixed soon as well.
Thank you in advance! :D
Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
Would exploitation still be possible if this was done after Trisquel was fully installed but the option "Download updates while installing Trisquel" was enabled during the installation process?