Package: onionshare
Version: 2.5-2
Severity: wishlist

Quoting https://github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6

> Between September 26, 2021 and October 8, 2021, Radically Open
> Security conducted a penetration test of OnionShare 2.4, funded by the
> Open Technology Fund's Red Team lab. This is an issue from that
> penetration test.
> Vulnerability ID: OTF-013
> Vulnerability type: Improper Hardening
> Threat level: Low
> Description:
>
> The filesystem restriction could be hardened and should only allow for
> pre-defined subfolders.

Upstream uses Flatpak to mitigate this, which of course makes little sense
on Debian. However, we could provide something similar using AppArmor.

Cheers,

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages onionshare depends on:
ii  onionshare-cli             2.5-2
ii  python3                    3.10.6-1
ii  python3-pyside2.qtcore     5.15.2-2.3+b2
ii  python3-pyside2.qtwidgets  5.15.2-2.3+b2
ii  python3-qrcode             7.3.1-1

onionshare recommends no packages.

onionshare suggests no packages.

-- no debconf information
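An illustrative AppArmor profile of the kind the report suggests, added here as an example and not something shipped by the Debian package or by upstream: it allow-lists one pre-defined share directory under the user's home and relies on AppArmor's default deny for the rest of the home directory. The executable path /usr/bin/onionshare, the ~/OnionShare and ~/.config/onionshare directories, the tor path and the set of abstractions are assumptions that would have to be confirmed against the real package (for instance by running the profile in complain mode and reviewing the log with aa-logprof).

```apparmor
# /etc/apparmor.d/usr.bin.onionshare (assumed name; example profile, not the package's own)
abi <abi/3.0>,

include <tunables/global>

# Start in complain mode; switch to enforce once the log shows no legitimate denials.
profile onionshare /usr/bin/onionshare flags=(complain) {
  include <abstractions/base>
  include <abstractions/python>
  include <abstractions/nameservice>

  # The launcher script itself, the interpreter it runs under and the Python modules.
  /usr/bin/onionshare r,
  /usr/bin/python3* ix,
  /usr/lib/python3/dist-packages/** r,

  # The only user data the application may read or write: one pre-defined
  # directory (assumed to be ~/OnionShare). Anything else under the home
  # directory is not listed and is therefore denied once the profile is enforced.
  owner @{HOME}/OnionShare/ rw,
  owner @{HOME}/OnionShare/** rw,

  # Application settings and state (assumed location).
  owner @{HOME}/.config/onionshare/ rw,
  owner @{HOME}/.config/onionshare/** rw,

  # Explicit, audited denials for the most sensitive paths so that any
  # attempt to reach them is logged, not merely refused.
  audit deny @{HOME}/.ssh/** rwklx,
  audit deny @{HOME}/.gnupg/** rwklx,

  # The system tor daemon is started as a child; use its own profile if one
  # exists, otherwise inherit this one (assumed path).
  /usr/bin/tor Pix,
}
```

Load the profile with `apparmor_parser -r /etc/apparmor.d/usr.bin.onionshare`, exercise the application, and only then move it to enforce mode with `aa-enforce`.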