[Pkg-privacy-maintainers] Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696
Salvatore Bonaccorso
carnil at debian.org
Sun Oct 23 19:43:11 BST 2022
Hi Clément,
On Sun, Oct 23, 2022 at 06:27:08PM +0200, Clément Hermann wrote:
> Hi,
>
> On 22/10/2022 at 15:01, Salvatore Bonaccorso wrote:
>
> > Thanks for the quick reply! (much appreciated). I think it would be
> > good to get a confirmation from upstream and if possible to have
> > those advisories updated. E.g.
> > https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
> > while mentioning "affected versions < 2.4" the patched version remains
> > "none". This might be that the < 2.4 just reflects the point in time
> > when the advisory was filed. OTOH you have arguments with the v2.5
> > release information that they might all be fixed.
> >
> > To be on the safe side, explicit confirmation by upstream would be great.
>
> Agreed. And asked upstream:
> https://github.com/onionshare/onionshare/issues/1633.
Thank you!
Regards,
Salvatore