[Bug 1191311] VUL-0: CVE-2021-41867: python-onionshare: An information disclosure vulnerability allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature

https://bugzilla.suse.com/show_bug.cgi?id=1191311 https://bugzilla.suse.com/show_bug.cgi?id=1191311#c10 --- Comment #10 from Axel Braun --- (In reply to Marcus Meissner from comment #9)

I would however think with only 3 months left of lifetime we can perahps ignore it

The list is for Leap 15.3 - I agree re. your statement about 15.2 onionshare fails in testing with an 'internal error', see https://lists.opensuse.org/archives/list/python@lists.opensuse.org/thread/ID... After some investigation I could reduce it to these packages: For building: python-pytest-xvfb 2.0.0 python-PyVirtualDisplay >= 0.3 (version 2.1 used, Py3 only) python-vncdotool >= 0.13.0 (version 1.0.0 used) to run it afterwards: python-python-socketio python-Flask-SocketIO python-setuptools (to build Flask-SocketIO) python-bidict python-engineio See: https://build.opensuse.org/project/show/home:DocB:python -- You are receiving this mail because: You are on the CC list for the bug.