Hi Scarlett,
On Mon, Jan 23, 2023 at 6:43 PM Scarlett Moore
<scarlett.gately.moore@gmail.com> wrote:
> It turns out the issue affects 0.4 or earlier. Buster has 0.9.1 which was
> completely rewritten C -> C++ and not affected. While I was looking forward to
> learning this process, I am happy libappimage is not vulnerable in Buster.
Are you sure? Because as I see it, buster has 0.1.9 (and not 0.9.1)
which is < 0.4. :)
Hah, indeed you are right, bad case of dyslexia there.
> Now the question is how does one get this blemish removed or shown as fixed?
> https://security-tracker.debian.org/tracker/source-package/libappimage
I'll be happy to show you the next steps once we confirm whether or
not the package is really vulnerable. Let me know what you think. TIA.
It is in fact quite vulnerable, I am ready for the next steps.
Thank you so much.
Scarlett
- u