On Tue, Jan 22, 2019 at 04:24:40PM +0100, KatolaZ wrote:
> The full DSA is available below, and the corresponding CVE is at:
>
> https://security-tracker.debian.org/tracker/CVE-2019-3462
>
> The safest way would actually be to manually download the deb packages
> of apt from the debian-security pool (more information available
> below), or to use pkgmaster.devuan.org in your sources.list to do the
> upgrade (pkgmaster.devuan.org is not a rough mirror...).
>
> The issue has not yet been fixed in buster/sid (beowulf/ceres), but I
> guess a patched version will be published soon.
The unstable fix for this is also availble now in version 1.8.0~alpha3.1.
Mark