
Comment by someNameIG

15 days ago

But have there been many actual reported security issues due to it? Like has anyone downloaded malware from the official Ubuntu or Fedora repos?

CVE-2008-0166: a maintainer added a security bug to openssl and it was distributed to many machines, resulting in many weak ssh keys being generated. Between openssl releasing their library and it making its way to end users' machines, a security vulnerability was injected.

  • That was literally before the first production Android phone became available. Does not seem to be a particularly common occurrence. Though due to the current world situation, supply chain attacks might admittedly become more common.