[Pkg-privacy-maintainers] Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696
Clément Hermann
clement.hermann at nodens.org
Sun Oct 23 17:27:08 BST 2022
Hi,
Le 22/10/2022 à 15:01, Salvatore Bonaccorso a écrit :
> Thanks for the quick reply! (much appreciated). I think it would be
> good to get a confirmation from upstream and if possible to have
> those advisories updates. E.g.
> https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
> while mentioning "affected versions < 2.4" the patched version remains
> "none". this might be that the < 2.4 just reflects the point in time
> when the advisory was filled. OTOH you have arguments with the v2.5
> release information that they might all be fixed.
>
> To be on safe side, explicitly confirming by upstream would be great.
Agreed. And asked upstream:
https://github.com/onionshare/onionshare/issues/1633.
Cheers,
--
nodens
More information about the Pkg-privacy-maintainers
mailing list