eopkg vulnerable to package file list integrity bypass

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by `lseopkg` and related tools. The issue has been fixed in v4.4.0. Users only installing packages from the Solus repositories are not affected.

N/A

缺失完整性检查支持

eopkg 安全漏洞

eopkg是GetSolus开源的一个包管理器。 eopkg 4.4.0之前版本存在安全漏洞，该漏洞源于恶意软件包可能包含eopkg未跟踪的文件，导致相关工具无法显示这些文件。

N/A

N/A