reassign 991698 enigma
merge 991698 991696
thanks
It does not make sense to report the bug against the *data* package. Its
in the binary, not the data. No need to report it twice.
Also, why use a screenshot of the diff, and not just the diff directly,
wtf? Why would you make a screenshot of a diff in the first place?
Clearly this should be fixed, but the security implications are very
limited.
The enigma package currently is not maintained. A new upstream version
exists.
Someone has indicated the intent to adopt the package, but not much has
happened so far: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902855
Am 30.07.21 um 13:12 schrieb Movses Tovmasyan:
Package: enigma-data
Version: 1.20-dfsg.1-2.1
Tags: patch
enigma-data uses the obsolete version of minilua
(single-file port of Lua) which has CVE-2014-5461
Patch attached below.