FYI, I wrote a script to check the amd64 packages against the published hash, if anyone wants to use it, it is attached.
.hc Evgeny Kapun: > On 22.01.2019 16:59, Vladislav Kurz wrote: >> Hello everybody, >> >> is this vulnerability affecting also apt-get ? > > Yes, the vulnerability is in http backend, which is used by apt-get. > >> If yes, will there be another DSA soon? > > No, because apt-get tool is in the package apt. > >> I'm also encountering many errors when using >> apt -o Acquire::http::AllowRedirect=false update >> apt -o Acquire::http::AllowRedirect=false upgrade >> >> As written in announcement: This is known to break some proxies when >> used against security.debian.org. >> >> However I do not use proxy at all. I have problems with jessie/updates, >> cdn.debian.net, and http.debian.net > > Try these URLs: http://cdn-fastly.deb.debian.org/debian, > http://cdn-fastly.deb.debian.org/debian-security. The domains > cdn.debian.net and http.debian.net are deprecated, use deb.debian.org > instead. > >> Err http://security.debian.org jessie/updates/main i386 Packages >> 302 Found [IP: 217.196.149.233 80] >> Err http://security.debian.org jessie/updates/contrib i386 Packages >> 302 Found [IP: 217.196.149.233 80] >> Err http://security.debian.org jessie/updates/non-free i386 Packages >> 302 Found [IP: 217.196.149.233 80] >> Fetched 151 kB in 9s (16.2 kB/s) >> >> Err:14 http://cdn.debian.net/debian stretch Release >> 302 Found [IP: 2001:4f8:1:c::15 80] >> Err:15 http://cdn.debian.net/debian stretch-updates Release >> 302 Found [IP: 2001:4f8:1:c::15 80] >> Err:16 http://cdn.debian.net/debian stretch-backports Release >> 302 Found [IP: 2001:4f8:1:c::15 80] >> >> Err:7 http://http.debian.net/debian stretch Release >> 302 Found [IP: 2001:67c:2564:a119::148:14 80] >> Err:8 http://http.debian.net/debian stretch-updates Release >> 302 Found [IP: 2001:67c:2564:a119::148:14 80] >> Err:9 http://http.debian.net/debian stretch-backports Release >> 302 Found [IP: 2001:67c:2564:a119::148:14 80] >> >> >
check.sh
Description: application/shellscript
signature.asc
Description: OpenPGP digital signature