So, could anyone sum up the "Am I owned" part of the problem to check which measures to take?
AFAIK I'm pretty likely owned if all of this is true:
- The following line shows at least one affected package:
echo "Affected Packages Found:"; comm -12 <(pacman -Qqm | sort) <(curl -s https://cscs.pastes.sh/raw/aurvulnlist20260611.txt | sort) | { read -r l && printf '%s\n' "$l" || echo "None. No known compromised packages are installed."; }
If I did not update AUR, in the last 2 days, it should be ok (at least for this specific problem).
If I don't see affected packages from the line above, it is probably ok, but maybe there are malicious packages that are not listed and yet I'm still be owned, so I have to be careful.
Is that correct and if not, what did I get wrong? And are there any checks that I can perform, that proof the status of the system?
Nothing is necessary if you didn't update AUR packages over the last 2 days. If you wait a day further, the maintainers will cleanup these as well, after taht you can upgrade.
Allright, sounds like I'm lucky. Thanks for clearing this up.