| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2022-21689-fix.diff | Fix for CVE-2022-21689 Adapted from upstream https://github.com/onionshare/onionshare/commit/096178a9e6133fd6ca9d95a00a67bba75ccab377 use microseconds for timestamps in filename |
no | backport, https://github.com/onionshare/onionshare/commit/096178a9e6133fd6ca9d95a00a67bba75ccab377 | 2022-11-12 | ||
| cryptodome.diff | Import RSA from Cryptodome.PublicKey The way python3-pycryptodome is built in Debian, there is a need to explicitly import from the Cryptodome namespace: the Crypto namespace compatibility isn't used. See #886291 for details. |
Ulrike Uhlig <ulrike@debian.org> | not-needed | 2021-01-11 | ||
| CVE-2022-21690-fix.diff | Fix for CVE-2022-21690 Adapted from upstream https://github.com/onionshare/onionshare/commit/8f1e7ac224e54f57e43321bba2c2f9fdb5143bb0 Force plaintext format for path parameter |
no | upstream, https://github.com/onionshare/onionshare/commit/8f1e7ac224e54f57e43321bba2c2f9fdb5143bb0 | 2022-11-12 |