Runner up in "problematic downstream/distros packaging behavior" is #Canonical insisting on packaging old buggy versions in #Ubuntu using their endemic #Snap format. Ex.: snapcraft.io/gnome-calendar
It'd be really nice if they'd stop doing that, this is absolutely detrimental to the app's developers.
#SnapCraft creates confusion, until users eventually go out of their way to surgically remove it from their desktop OS in the same way Raiden rips out spines to acquire electrolytes.
✅ Achievement unlocked - Got a minor credit in a CVE.
mcphail wrote:
"I recently found a bug in Snap, a package manager for Ubuntu and other Linux distributions, which allows the snap to escape the sandbox and run arbitrary code (as the user) if the home permission is set. This exploit could be run on a vanilla install of Ubuntu and was patched in commit aa191f9 on 13th March 2024."
gld.mcphail.uk/posts/explainin…
cve.mitre.org/cgi-bin/cvename.…
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.cve.mitre.org
