Comment 10 for bug 1812353

Is there any more detailed evaluation of this hole?

It reads absolutely catastrophic, like that secure APT is basically broken since 2011,… and if anyone has found that issue before (which one must assume in the worst case) any code could have been rather easily introduced in any Debian based system, from end users to DDs.