| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006847 | Kali Linux | Tool Upgrade Request | public | 2020-11-18 17:58 | 2021-01-15 07:39 |
| Reporter | tjnull | Assigned To | sbrun | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 2020.4 | ||||
| Summary | 0006847: Joplin Package on Kali is not using the latest version. | ||||
| Description | The current package of Joplin needs to be updated as it contains a cross site scripting bug and it is missing a variety of fixes/features to improve the tool. https://www.exploit-db.com/exploits/49024 Latest Version: https://github.com/laurent22/joplin/releases (1.4.10) | ||||
 |
Our issue currently is that the build system relies on yarn and yarnpkg is currently broken: And it can't be fixed because it's no longer buildable in Debian either: As Kali packagers, we really don't like this node ecosystem which is really brittle and next to impossible to package in a clean way and requires lots of efforts to keep it working... i'm wondering if we should not replace the Kali package with a kaboxer container instead. |
 |
@rhertzog - @TJ_Null was filling me in about this issue - would it be possible to touch base on this issue? I don't have a solution yet, but trying to replicate it on my end, and wanted to compare notes. If so, what medium would be best to do this? Forum DM? Thanks. |
|
|
@initinfosec Email? [email protected] Though the main issue is outside of my control so I don't really know what you expect from me. We're trying to package joplin out of the appimage binary release instead of building from source. Not clean but I don't really have a better solution. |
 |
version 1.6.7-0kali3 is now in kali-rolling |
