Inkscape possible domain compromise
By waffle8946 from https://discourse.nixos.org/t/inkscape-possible-domain-compromise/32008:
https://github.com/NixOS/nixpkgs/blob/c7623219fccf46b36370140d777ba61c85c9bb8d/pkgs/applications/graphics/inkscape/default.nix 19 fetches from https://media.inkscape.org/dl/resources/file/inkscape-${version}.tar.xz, but visiting https://media.inkscape.org/dl/resources/file/ serves some sort of html page containing spam unrelated to Inkscape (excerpt below):
<!DOCTYPE html> <html> <head> <title>DAFTAR 1 AKUN UNTUK SEMUA JENIS GAME SLOT ONLINE</title> <meta charset="utf-8">Is there a process to mark a package as possibly insecure without any existing CVE?
Related discussions: