See https://electronjs.org/blog/protocol-handler-fix Fix in 1.8.2-beta.4, 1.7.11, and 1.6.16. This likely affects also various apps that bundle electron, I'll cc the maintainer of signal-desktop-bin, which is almost certainly affected.
Hmm, just noted that it says Linux is not vulnerable... Shall we close as invalid? Probably still good to update though...
(In reply to Hanno Boeck from comment #1) > Hmm, just noted that it says Linux is not vulnerable... > Shall we close as invalid? Probably still good to update though... Just reassign it to the maintainer for a bump or you can open a new bug, but we would close it as invalid.
Re-assigned to proxy-maint.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c529068f7efb4fada01c878c3a75d70091f3435a commit c529068f7efb4fada01c878c3a75d70091f3435a Author: Elvis Pranskevichus <elvis@magic.io> AuthorDate: 2018-01-26 02:24:05 +0000 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: 2018-01-26 08:51:05 +0000 dev-util/electron: version bump to 1.6.16. Closes: https://bugs.gentoo.org/645576 Closes: https://github.com/gentoo/gentoo/pull/6966 Package-Manager: Portage-2.3.19, Repoman-2.3.6 dev-util/electron/Manifest | 4 ++-- ...ectron-1.6.15.ebuild => electron-1.6.16.ebuild} | 26 ++++++---------------- 2 files changed, 9 insertions(+), 21 deletions(-)