Re: Re: libappimage lts update



The issue was introduced in version 0.2.0-alpha here:
https://github.com/AppImageCommunity/libappimage/commit/ac28b2690d921c4cf2d20a511afcf247cff04d61
So Buster is in fact not vulnerable as it has version 0.1.9 and the
code does not yet exist.
Thank you so much for your time and sorry for the noise.
Scarlett

On Tue, Jan 24, 2023 at 7:48 AM Scarlett Moore
<scarlett.gately.moore@gmail.com> wrote:
>
> I have done made myself very confused. That patch does not apply
> though and will require further research.
> I will reach out again when I am actually ready.
> Sorry,
> Scarlett
>
>
> On Mon, Jan 23, 2023 at 12:00 PM Scarlett Moore
> <scarlett.gately.moore@gmail.com> wrote:
> >
> >
> >
> > On Mon, Jan 23, 2023, 9:47 AM Utkarsh Gupta <guptautkarsh2102@gmail.com> wrote:
> >>
> >> Hi Scarlett,
> >>
> >> On Mon, Jan 23, 2023 at 6:43 PM Scarlett Moore
> >> <scarlett.gately.moore@gmail.com> wrote:
> >> > It turns out the issue affects 0.4 or earlier. Buster has 0.9.1 which was
> >> > completely rewritten C -> C++ and not affected. While I was looking forward to
> >> > learning this process, I am happy libappimage is not vulnerable in Buster.
> >>
> >> Are you sure? Because as I see it, buster has 0.1.9 (and not 0.9.1)
> >> which is < 0.4. :)
> >
> >
> > Hah, indeed you are right, bad case of dyslexia there.
> >>
> >>
> >> > Now the question is how does one get this blemish removed or shown as fixed?
> >> > https://security-tracker.debian.org/tracker/source-package/libappimage
> >>
> >> I'll be happy to show you the next steps once we confirm whether or
> >> not the package is really vulnerable. Let me know what you think. TIA.
> >>
> > It is in fact quite vulnerable, I am ready for the next steps.
> > Thank you so much.
> > Scarlett
> >
> >>
> >>
> >> - u

