Osmancanvural

**Name of the Vulnerable Software and Affected Versions** eopkg versions prior to 4.4.0 **Description** eopkg is a package manager for Solus implemented in Python3. A malicious package could bypass the directory restrictions imposed by the `--destdir` option. Exploitation requires installing a package from a compromised or malicious source. Such packages would then install files outside the intended `--destdir` location on the host system. Users who only install packages from the official Solus repositories are not affected. **Recommendations** Update to version 4.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** eopkg versions prior to 4.4.0 **Description** eopkg, a Solus package manager implemented in python3, contains a flaw where a malicious package could include files that are not tracked by `eopkg`. This requires installation of a package from a malicious or compromised source. Files within such packages would not be displayed by `lseopkg` and related tools. Users installing packages solely from the Solus repositories are not affected. **Recommendations** Update to version 4.4.0 or later.