On 2019-01-23, Richard Hector <rich...@walnut.gen.nz> wrote: > > Ok, it seems if I go through the list on the dsa page above, I can then > download the packages from their respective pages on > packages.debian.org, where they're listed along with checksums. Tedious, > but should work :-) > > Richard > >
Not certain why running apt update -o Acquire::http::AllowRedirect=false before updating apt updating itself is inoperative in your case. For me, unfortunately, the camel has just now arrived with the news, and I installed the update that addressed this vulnerability yesterday in the usual manner (apt update; etc...). Maybe I've been pwned.