The issue was introduced in version 0.2.0-alpha here:
https://github.com/AppImageCommunity/libappimage/commit/ac28b2690d921c4cf2d20a511afcf247cff04d61
So Buster is in fact not vulnerable as it has version 0.1.9 and the
code does not yet exist.
Thank you so much for your time and sorry for the
I have done made myself very confused. That patch does not apply
though and will require further research.
I will reach out again when I am actually ready.
Sorry,
Scarlett
On Mon, Jan 23, 2023 at 12:00 PM Scarlett Moore
wrote:
> On Mon, Jan 23, 2023, 9:47 AM Utkarsh Gupta
> wrote:
On Mon, Jan 23, 2023, 9:47 AM Utkarsh Gupta
wrote:
> Hi Scarlett,
>
> On Mon, Jan 23, 2023 at 6:43 PM Scarlett Moore
> wrote:
> > It turns out the issue affects 0.4 or earlier. Buster has 0.9.1 which was
> > completely rewritten C -> C++ and not affected. While I was looking forward to
Hi Scarlett,
On Mon, Jan 23, 2023 at 6:43 PM Scarlett Moore
wrote:
> It turns out the issue affects 0.4 or earlier. Buster has 0.9.1 which was
> completely rewritten C -> C++ and not affected. While I was looking forward to
> learning this process, I am happy libappimage is not vulnerable in
Hello!
It turns out the issue affects 0.4 or earlier. Buster has 0.9.1 which was
completely rewritten C -> C++ and not affected. While I was looking forward to
learning this process, I am happy libappimage is not vulnerable in Buster.
Now the question is how does one get this blemish removed or
Hi Scarlett,
On Sat, Jan 21, 2023 at 8:51 PM Scarlett Moore
wrote:
> and the CVE is not listed. I need to know how I proceed as it stated Do not
> add it, frontdesk needs to. I am a maintainer of the package and I do have the
> upstream fix.
Thank you for reaching out. I am at the front desk
Hello Scarlett,
thanks for your email!
Please prepare a fix for the package, upload it to your salsa repo, and let
us know.
We will take care of adding the package to the dla-needed list and
preparing all necessary steps for that.
If you prefer to upload the package on your own, we can also
Hello,
The security team pointed me here as Buster is now LTS.
I am reaching out to see if/how I should update libappimage in buster.
The bug is https://security-tracker.debian.org/tracker/CVE-2020-25265
The upstream fix is: https://github.com/AppImageCommunity/libappimage/pull/146
I followed