All versions of lix are vulnerable to Machine-In-The-Middle attacks. The package accepts downloads over HTTP and follows Location header redirects for package downloads. This allows an attacker in a privileged network position to intercept a lix package installation and redirect the download to a malicious source.
No fix is currently available. Consider using an alternative package until a fix is made available.
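An added example, not code from lix or from this advisory: the URL policy a package downloader needs to avoid the behaviour described above, requiring HTTPS on the initial URL and on every Location hop. The function names, the hop limit, the optional host allowlist and the example.com URLs are assumptions; the responses are constructed and no network is used.

```javascript
// Added example (hypothetical helper names); not lix's own code.
const REDIRECT_CODES = new Set([301, 302, 303, 307, 308]);
const MAX_REDIRECTS = 5; // assumed limit

// Parse a URL and reject anything that is not HTTPS or not on the allowlist.
function requireHttps(urlString, allowedHosts) {
  const url = new URL(urlString);
  if (url.protocol !== 'https:') {
    throw new Error(`refusing non-HTTPS URL: ${url.href}`);
  }
  if (allowedHosts && !allowedHosts.has(url.hostname)) {
    throw new Error(`host not allowed: ${url.hostname}`);
  }
  return url;
}

// Return the next URL to fetch, or null when the response is not a redirect.
function nextHop(currentUrl, response, hops, allowedHosts) {
  if (!REDIRECT_CODES.has(response.status)) return null;
  if (!response.location) throw new Error('redirect without a Location header');
  if (hops >= MAX_REDIRECTS) throw new Error('too many redirects');
  // A relative Location value resolves against the URL that produced it.
  const target = new URL(response.location, currentUrl);
  return requireHttps(target.href, allowedHosts).href;
}

// Walk a chain of { status, location } responses and return the final URL.
// Every hop is re-validated, so one plaintext hop fails the whole download.
function resolveDownloadUrl(startUrl, responses, allowedHosts) {
  let url = requireHttps(startUrl, allowedHosts).href;
  let hops = 0;
  for (const response of responses) {
    const next = nextHop(url, response, hops, allowedHosts);
    if (next === null) return url;
    url = next;
    hops += 1;
  }
  throw new Error('redirect chain did not end in a final response');
}
```

In a real client the same check runs with automatic redirect following disabled, so that each Location value is inspected before the next request is sent.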