
Re: nsis CVE-2023-37378



Hello Sean,

I had a quick test with my:
http://git.savannah.gnu.org/cgit/freedink.git/tree/nsis
which is kinda old but does call WriteUninstaller.
The installer and uninstaller appear to work correctly in a W10 VM.

About the source changes, I'd recommend using the CVE ID as part of the patch file name (otherwise it can be tedious to determine which fixed what, especially later on if there's (upstream) confusion over CVEs or regression fixes to consider). In addition I like to add a couple of fields to note the source of the patch and some who/when info, e.g.:
https://salsa.debian.org/lts-team/packages/runc/-/blob/debian/buster/debian/patches/CVE-2022-29162.patch

Cheers!
Sylvain Beucler
Debian LTS Team

On 06/07/2023 20:42, Sean Whitton wrote:
Hello,

I've prepared an upload to buster-security [1] to fix CVE-2023-37378.
I've tested it using an example script from [2], but if anyone reading
has a real, production NSIS script, that includes an uninstaller, in
particular, then testing my upload by using it to build your script
would be appreciated.

I can provide .debs if it's not straightforward for you to build it.

[1]  https://salsa.debian.org/lts-team/packages/nsis
[2]  https://nsis.sourceforge.io/Simple_tutorials
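The naming and header conventions Sylvain recommends above can be checked mechanically before an upload. The following is an added example, not code from the thread or from the Debian LTS team: a small POSIX sh lint that takes a patch file, requires its name to carry a CVE id, and requires DEP-3 header fields (Description, Origin, Author, Last-Update) ahead of the first hunk. The two sample patches it writes are constructed placeholders; they are not the real nsis fix, and the origin URL, author and date in them are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): lint debian/patches/ entries against
# the conventions recommended above. DEP-3 field names are assumed.

# check_patch FILE
#   Prints one line per problem; returns 0 when the patch is clean, 1 otherwise.
check_patch() {
    f="$1"
    rc=0
    base=$(basename "$f")

    # 1. The file name must carry the CVE id it fixes, e.g. CVE-2023-37378.patch
    case "$base" in
        CVE-[0-9][0-9][0-9][0-9]-[0-9]*.patch) ;;
        *) echo "$base: file name does not carry a CVE id"; rc=1 ;;
    esac

    # 2. The DEP-3 header is everything before the first '---' or 'diff' line;
    #    it must record what the patch is, where it came from, who and when.
    header=$(sed '/^---/q;/^diff /q' "$f")
    for field in Description Origin Author Last-Update; do
        if ! printf '%s\n' "$header" | grep -q "^$field:"; then
            echo "$base: missing $field: header field"
            rc=1
        fi
    done
    return $rc
}

# make_sample_patches DIR
#   Writes one compliant and one non-compliant patch (constructed samples).
make_sample_patches() {
    dir="$1"
    cat > "$dir/CVE-2023-37378.patch" <<'EOF'
Description: placeholder description of the fix (constructed sample, not the real patch)
Origin: upstream, https://example.invalid/placeholder-commit
Author: Example Maintainer <maintainer@example.invalid>
Last-Update: 2023-07-07
---
--- a/placeholder.c
+++ b/placeholder.c
@@ -1 +1 @@
-old line
+new line
EOF
    # No CVE id in the name and no header at all: both checks should fail.
    cat > "$dir/fix-overflow.patch" <<'EOF'
--- a/placeholder.c
+++ b/placeholder.c
@@ -1 +1 @@
-old line
+new line
EOF
}

# Stand-alone run: lint every patch in a temporary directory.
if [ "${0##*/}" != "sh" ] && [ -z "${LINT_NO_MAIN:-}" ]; then
    tmp=$(mktemp -d)
    make_sample_patches "$tmp"
    for p in "$tmp"/*.patch; do
        if check_patch "$p"; then echo "$(basename "$p"): ok"; fi
    done
    rm -rf "$tmp"
fi
```

Run it as `sh lint-patches.sh` to see the compliant patch pass and the unnamed one reported twice (bad name, missing header); point `check_patch` at `debian/patches/*.patch` to use it on a real package tree.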
