0006847: Joplin Package on Kali is not using the latest version.

ID	Project	Category	View Status	Date Submitted	Last Update

0006847	Kali Linux	Tool Upgrade Request	public	2020-11-18 17:58	2021-01-15 07:39

Reporter	tjnull	Assigned To	sbrun
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	2020.4

Summary	0006847: Joplin Package on Kali is not using the latest version.
Description	The current package of Joplin needs to be updated as it contains a cross site scripting bug and it is missing a variety of fixes/features to improve the tool. https://www.exploit-db.com/exploits/49024 Latest Version: https://github.com/laurent22/joplin/releases (1.4.10)

tjnull 2020-11-18 17:58 reporter	image.png (91,408 bytes) image.png (91,408 bytes) image-2.png (33,467 bytes) image-2.png (33,467 bytes)

rhertzog 2020-11-19 08:17 administrator ~0013690	Our issue currently is that the build system relies on yarn and yarnpkg is currently broken: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972952 And it can't be fixed because it's no longer buildable in Debian either: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960120 As Kali packagers, we really don't like this node ecosystem which is really brittle and next to impossible to package in a clean way and requires lots of efforts to keep it working... i'm wondering if we should not replace the Kali package with a kaboxer container instead.

initinfosec 2020-12-11 18:02 reporter ~0013967	@rhertzog - @TJ_Null was filling me in about this issue - would it be possible to touch base on this issue? I don't have a solution yet, but trying to replicate it on my end, and wanted to compare notes. If so, what medium would be best to do this? Forum DM? Thanks.

rhertzog 2020-12-12 15:09 administrator ~0013968	@initinfosec Email? [email protected] Though the main issue is outside of my control so I don't really know what you expect from me. We're trying to package joplin out of the appimage binary release instead of building from source. Not clean but I don't really have a better solution.

sbrun 2021-01-15 07:39 manager ~0014113	version 1.6.7-0kali3 is now in kali-rolling

Date Modified	Username	Field	Change
2020-11-18 17:58	tjnull	New Issue
2020-11-18 17:58	tjnull	Status	new => assigned
2020-11-18 17:58	tjnull	Assigned To	=> sbrun
2020-11-18 17:58	tjnull	File Added: image.png
2020-11-18 17:58	tjnull	File Added: image-2.png
2020-11-19 08:17	rhertzog	Note Added: 0013690
2020-12-01 10:48	g0tmi1k	Priority	immediate => normal
2020-12-01 10:50	g0tmi1k	Severity	major => minor
2020-12-11 18:02	initinfosec	Note Added: 0013967
2020-12-12 15:09	rhertzog	Note Added: 0013968
2021-01-15 07:39	sbrun	Status	assigned => resolved
2021-01-15 07:39	sbrun	Resolution	open => fixed
2021-01-15 07:39	sbrun	Note Added: 0014113
2021-05-31 13:37	rhertzog	Category	Tool Upgrade => Tool Upgrade Request