[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: libappimage lts update

I have done made myself very confused. That patch does not apply
though and will require further research.
I will reach out again when I am actually ready.
Sorry,
Scarlett


On Mon, Jan 23, 2023 at 12:00 PM Scarlett Moore
<scarlett.gately.moore@gmail.com> wrote:
>
>
>
> On Mon, Jan 23, 2023, 9:47 AM Utkarsh Gupta <guptautkarsh2102@gmail.com> wrote:
>>
>> Hi Scarlett,
>>
>> On Mon, Jan 23, 2023 at 6:43 PM Scarlett Moore
>> <scarlett.gately.moore@gmail.com> wrote:
>> > It turns out the issue affects 0.4 or earlier. Buster has 0.9.1 which was
>> > completely rewritten C -> C++ and not affected. While I was looking forward to
>> > learning this process, I am happy libappimage is not vulnerable in Buster.
>>
>> Are you sure? Because as I see it, buster has 0.1.9 (and not 0.9.1)
>> which is < 0.4. :)
>
>
> Hah, Indeed you are right, bad case of dyslexia there.
>>
>>
>> > Now the question is how does one get this blemish removed or shown as fixed?
>> > https://security-tracker.debian.org/tracker/source-package/libappimage
>>
>> I'll be happy to show you the next steps once we confirm whether or
>> not the package is really vulnerable. Let me know what you think. TIA.
>>
> It is in fact quite vulnerable, I am ready for the next steps.
> Thank you so much.
> Scarlett
>
>>
>>
>> - u
Reply to: