Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-11-27 Thread Moritz Mühlenhoff
On Sun, Nov 27, 2022 at 11:45:27AM +0100, Clément Hermann wrote: > Hi > > On 25/10/2022 at 13:53, Clément Hermann wrote: > > Hi Moritz, > > > > On 25/10/2022 at 11:15, Moritz Muehlenhoff wrote: > > > > > Given that the primary use case for onionshare will be tails, my > > > suggestion

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-11-27 Thread Clément Hermann
Hi On 25/10/2022 at 13:53, Clément Hermann wrote: Hi Moritz, On 25/10/2022 at 11:15, Moritz Muehlenhoff wrote: Given that the primary use case for onionshare will be tails, my suggestion would be that CVE-2022-21689 and CVE-2022-21690 get backported fixes for the next Bullseye point

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-25 Thread Clément Hermann
Hi Moritz, On 25/10/2022 at 11:15, Moritz Muehlenhoff wrote: Hi Clément, Sadly, upstream rectified and confirms it affects 2.2 [0], and has been tested and reproduced on Bullseye. We do need to fix it. Upstream has a few suggestions, but I guess our choices are either uploading 2.5 to

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-25 Thread Moritz Muehlenhoff
Hi Clément, > Sadly, upstream rectified and confirms it affects 2.2 [0], and has been > tested and reproduced on Bullseye. We do need to fix it. Upstream has a few > suggestions, but I guess our choices are either uploading 2.5 to stable, if > that's possible. python-stem at least will need to be

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-25 Thread Clément Hermann
On 24/10/2022 at 20:41, Clément Hermann wrote: - CVE-2022-21694 affects Bullseye, but that might be an acceptable risk? The issue is that CSP can only be turned on or off, not configured to allow js etc, so it is only useful for static

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-24 Thread Clément Hermann
On 24/10/2022 at 18:26, Clément Hermann wrote: Hi, On 23/10/2022 at 18:27, Clément Hermann wrote: Hi, On 22/10/2022 at 15:01, Salvatore Bonaccorso wrote: To be on safe side, explicitly confirming by upstream would be great. Agreed. And asked upstream:

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-24 Thread Clément Hermann
Hi, On 23/10/2022 at 18:27, Clément Hermann wrote: Hi, On 22/10/2022 at 15:01, Salvatore Bonaccorso wrote: Thanks for the quick reply! (much appreciated). I think it would be good to get a confirmation from upstream and if possible to have those advisories updates. E.g.

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-23 Thread Salvatore Bonaccorso
Hi Clément, On Sun, Oct 23, 2022 at 06:27:08PM +0200, Clément Hermann wrote: > Hi, > > On 22/10/2022 at 15:01, Salvatore Bonaccorso wrote: > > > Thanks for the quick reply! (much appreciated). I think it would be > > good to get a confirmation from upstream and if possible to have > > those

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-23 Thread Clément Hermann
Hi, On 22/10/2022 at 15:01, Salvatore Bonaccorso wrote: Thanks for the quick reply! (much appreciated). I think it would be good to get a confirmation from upstream and if possible to have those advisories updates. E.g.

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-22 Thread Salvatore Bonaccorso
Hi Clément, On Sat, Oct 22, 2022 at 02:50:53PM +0200, Clément Hermann wrote: > Hi Salvatore, > > On 22/10/2022 at 13:49, Salvatore Bonaccorso wrote: > > > > > For further information see: > > > > > > [0] https://security-tracker.debian.org/tracker/CVE-2021-41867 > > >

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-22 Thread Clément Hermann
Hi Salvatore, On 22/10/2022 at 13:49, Salvatore Bonaccorso wrote: For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-41867 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41867 [1] https://security-tracker.debian.org/tracker/CVE-2021-41868

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-10-22 Thread Salvatore Bonaccorso
Hi, On Fri, Jul 15, 2022 at 02:04:38PM +0200, Moritz Mühlenhoff wrote: > Source: onionshare > X-Debbugs-CC: t...@security.debian.org > Severity: grave > Tags: security > > Hi, > > The following vulnerabilities were published for onionshare. > > CVE-2021-41867[0]: > | An information disclosure

Bug#1014966: onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696

2022-07-15 Thread Moritz Mühlenhoff
Source: onionshare X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for onionshare. CVE-2021-41867[0]: | An information disclosure vulnerability in OnionShare 2.3 before 2.4 | allows remote unauthenticated attackers to