Comment by galleywest200
1 day ago
Thank you for this! I only had two on my system, thank goodness. I have uninstalled both.
libgdata 0.18.1-5 qt5-3d 5.15.18-1
1 day ago
Thank you for this! I only had two on my system, thank goodness. I have uninstalled both.
libgdata 0.18.1-5 qt5-3d 5.15.18-1
Have you checked the install date? I'm not sure which are the compromised version numbers, but if they were installed before June 10 you're probably safe. (I think libgdata 0.18.1-5 used to be on the main repos in February, and has recently been downgraded to AUR, so you may be fine).
Only packages from AUR have been compromised, meaning a normal update `pacman -Syu` won't install them, they'll only be installed by `makepkg` or AUR helpers (such as `paru`, which asks you to review the PKGBUILD diff).
Also, if you had installed a compromised version, uninstalling the packages is not enough, you'd probably need to reinstall your system and rotate all credentials. More info here and on the linked blog: https://discourse.ifin.network/t/400-aur-packages-compromise...
These were installed before June 10th I am almost certain. I will read that link just to be safe!
Looking at my pacman cache both of these versions existed on my system before June of this year so I think I am okay.