View Issue Details

IDProjectCategoryView StatusLast Update
0006847Kali Linux[All Projects] Tool Upgradepublic2021-01-15 07:39
Reportertjnull Assigned Tosbrun  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2020.4 
Target VersionFixed in Version 
Summary0006847: Joplin Package on Kali is not using the latest version.
DescriptionThe current package of Joplin needs to be updated as it contains a cross site scripting bug and it is missing a variety of fixes/features to improve the tool.

https://www.exploit-db.com/exploits/49024

Latest Version: https://github.com/laurent22/joplin/releases (1.4.10)


Activities

tjnull

2020-11-18 17:58

reporter  

image.png (91,408 bytes)
image.png (91,408 bytes)
image-2.png (33,467 bytes)
image-2.png (33,467 bytes)

rhertzog

2020-11-19 08:17

administrator   ~0013690

Our issue currently is that the build system relies on yarn and yarnpkg is currently broken:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972952

And it can't be fixed because it's no longer buildable in Debian either:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960120

As Kali packagers, we really don't like this node ecosystem which is really brittle and next to impossible to package in a clean way and requires lots of efforts to keep it working...

i'm wondering if we should not replace the Kali package with a kaboxer container instead.

initinfosec

2020-12-11 18:02

reporter   ~0013967

@rhertzog - @TJ_Null was filling me in about this issue - would it be possible to touch base on this issue? I don't have a solution yet, but trying to replicate it on my end, and wanted to compare notes.

If so, what medium would be best to do this? Forum DM? Thanks.

rhertzog

2020-12-12 15:09

administrator   ~0013968

@initinfosec Email? buxy@kali.org Though the main issue is outside of my control so I don't really know what you expect from me. We're trying to package joplin out of the appimage binary release instead of building from source. Not clean but I don't really have a better solution.

sbrun

2021-01-15 07:39

manager   ~0014113

version 1.6.7-0kali3 is now in kali-rolling

Issue History

Date Modified Username Field Change
2020-11-18 17:58 tjnull New Issue
2020-11-18 17:58 tjnull Status new => assigned
2020-11-18 17:58 tjnull Assigned To => sbrun
2020-11-18 17:58 tjnull File Added: image.png
2020-11-18 17:58 tjnull File Added: image-2.png
2020-11-19 08:17 rhertzog Note Added: 0013690
2020-12-01 10:48 g0tmi1k Priority immediate => normal
2020-12-01 10:50 g0tmi1k Severity major => minor
2020-12-11 18:02 initinfosec Note Added: 0013967
2020-12-12 15:09 rhertzog Note Added: 0013968
2021-01-15 07:39 sbrun Status assigned => resolved
2021-01-15 07:39 sbrun Resolution open => fixed
2021-01-15 07:39 sbrun Note Added: 0014113