Debian has issued an advisory today (May 14): https://www.debian.org/security/2020/dsa-4685 I'm not sure if the ancient version we have is affected.
Ubuntu has also issued an advisory for this: https://usn.ubuntu.com/4359-1/
Nicolas is trying to update this ancient thing, along with dpkg. Just so it doesn't get lost, dpkg build for Mageia 7 is: dpkg-1.19.7-2.mga7 dpkg-devel-1.19.7-2.mga7 dpkg-dev-1.19.7-2.mga7 dpkg-perl-1.19.7-2.mga7 dselect-1.19.7-2.mga7 from dpkg-1.19.7-2.mga7.src.rpm
CC: (none) => mageia
The 'apt' package is apt-rpm (a fork of apt) and AFAIK there is no newer version, so please do not try to update it. It also has nothing to do with dpkg as it uses librpm. Since the 'apt' package is not supposed to handle dpkg files either but only RPMs, this bug in upstream (debian) apt is not relevant.
So we still have this ancient fork of apt, which surely must be affected by some (possibly several) security vulnerabilities. We probably don't even know what they all are, given that I'm sure nobody is studying this old code for security issues, given that nobody is using this thing anymore. We haven't actually fixed a security issue in this package since 2014.
Status: NEW => RESOLVEDResolution: (none) => INVALID
*** Bug 27728 has been marked as a duplicate of this bug. ***
CC: (none) => zombie_ryushu