[shlip]

Here is how I did it :

Get a list of installed packages originating from AUR using 'yay' :

  yay -Qam > packages_aur.last

Get list from https://md.archlinux.org/s/SxbqukK6IA# :

  curl https://md.archlinux.org/s/SxbqukK6IA/download > compromised.txt

then :

  grep -wFf compromised.txt packages_aur.last

should spit out the packages that are in both files, hence were compromised at some point, I guess.

[galleywest200]

Thank you for this! I only had two on my system, thank goodness. I have uninstalled both.

libgdata 0.18.1-5 qt5-3d 5.15.18-1

[bilkow]

Have you checked the install date? I'm not sure which are the compromised version numbers, but if they were installed before June 10 you're probably safe. (I think libgdata 0.18.1-5 used to be on the main repos in February, and has recently been downgraded to AUR, so you may be fine).

Only packages from AUR have been compromised, meaning a normal update `pacman -Syu` won't install them, they'll only be installed by `makepkg` or AUR helpers (such as `paru`, which asks you to review the PKGBUILD diff).

Also, if you had installed a compromised version, uninstalling the packages is not enough, you'd probably need to reinstall your system and rotate all credentials. More info here and on the linked blog: https://discourse.ifin.network/t/400-aur-packages-compromise...

[galleywest200]

These were installed before June 10th I am almost certain. I will read that link just to be safe!

Looking at my pacman cache both of these versions existed on my system before June of this year so I think I am okay.