I have done made myself very confused. That patch does not apply though and will require further research. I will reach out again when I am actually ready. Sorry, Scarlett
On Mon, Jan 23, 2023 at 12:00 PM Scarlett Moore <scarlett.gately.mo...@gmail.com> wrote: > > > > On Mon, Jan 23, 2023, 9:47 AM Utkarsh Gupta <guptautkarsh2...@gmail.com> > wrote: >> >> Hi Scarlett, >> >> On Mon, Jan 23, 2023 at 6:43 PM Scarlett Moore >> <scarlett.gately.mo...@gmail.com> wrote: >> > It turns out the issue affects 0.4 or earlier. Buster has 0.9.1 which was >> > completely rewritten C -> C++ and not affected. While I was looking >> > forward to >> > learning this process, I am happy libappimage is not vulnerable in Buster. >> >> Are you sure? Because as I see it, buster has 0.1.9 (and not 0.9.1) >> which is < 0.4. :) > > > Hah, Indeed you are right, bad case of dyslexia there. >> >> >> > Now the question is how does one get this blemish removed or shown as >> > fixed? >> > https://security-tracker.debian.org/tracker/source-package/libappimage >> >> I'll be happy to show you the next steps once we confirm whether or >> not the package is really vulnerable. Let me know what you think. TIA. >> > It is in fact quite vulnerable, I am ready for the next steps. > Thank you so much. > Scarlett > >> >> >> - u
