Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1

To: Boyuan Yang <byang@debian.org>, 1052420@bugs.debian.org
Subject: Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 23 Sep 2023 22:10:55 +0100
Message-id: <[🔎] 06840b1d88b1d45dadcdaf56e428db2be3dc70bd.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1052420@bugs.debian.org
In-reply-to: <[🔎] dbd7aa52d3286e9bd801303991cf5f675387c227.camel@debian.org>
References: <[🔎] dbd7aa52d3286e9bd801303991cf5f675387c227.camel@debian.org> <[🔎] dbd7aa52d3286e9bd801303991cf5f675387c227.camel@debian.org>

Control: tags -1 confirmed

On Thu, 2023-09-21 at 13:37 -0400, Boyuan Yang wrote:
> As reported in https://bugs.debian.org/1051408 , current flameshot
> in Debian 11 (Bullseye) will silently upload the current captured
> screenshot to imgur without confirmation whenever the corresponding
> hotkey is pressed. This imposes a security risk of leaking sensitive
> information.
> 
> In order to mitigate this issue, I propose to upload flameshot
> 0.9.0+ds1-2+deb11u1, which strips the embedded imgur token hardcoded
> in the source code. Users who wish to utilize the img uploading
> feature can fill in their own imgur token in flameshot config
> window to re-enable the feature.
> 

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1
  - From: Boyuan Yang <byang@debian.org>

Prev by Date: Processed: Re: Bug#1052363: bullseye-pu: cups/2.3.3op2-3+deb11u4
Next by Date: Processed: Re: Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1
Previous by thread: Processed: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1
Next by thread: Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1
Index(es):
- Date
- Thread