[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Developers are advised to purge these malicious packages

On Wed, Dec 04, 2019 at 07:17:58PM +0100, Christian Heimes wrote:
> At least the first pages are packaging files for Debian, Fedora, and
> other Linux distributions. Downstream distributions provide a Python
> <snip>
> Attackers abuse the fact and try to typo-squat packages in hope that
> somebody uses the Linux distribution package name "python3-dateutil"
> instead of the upstream name "python-dateutil" in requirements.txt

Yes, I understand. Thank you.