Search Criteria
Package Details: slopsmith-desktop-bin 0.2.8-2
Package Actions
| Git Clone URL: | https://aur.archlinux.org/slopsmith-desktop-bin.git (read-only, click to copy) |
|---|---|
| Package Base: | slopsmith-desktop-bin |
| Description: | Slopsmith desktop app with integrated audio engine, VST hosting, and amp modeling |
| Upstream URL: | https://github.com/byrongamatos/slopsmith-desktop |
| Licenses: | AGPL-3.0-only |
| Conflicts: | slopsmith-desktop |
| Provides: | slopsmith-desktop |
| Submitter: | ariejan |
| Maintainer: | ariejan |
| Last Packager: | ariejan |
| Votes: | 2 |
| Popularity: | 1.31 |
| First Submitted: | 2026-05-15 08:22 (UTC) |
| Last Updated: | 2026-05-30 05:47 (UTC) |
Dependencies (12)
- alsa-lib
- at-spi2-core (at-spi2-core-gitAUR)
- gtk3 (gtk3-no_deadkeys_underlineAUR, gtk3-classicAUR, gtk3-patched-filechooser-icon-viewAUR, gtk3-classic-xfceAUR)
- libnotify (libnotify-gitAUR)
- libsecret
- libxss
- libxtst
- nss (nss-hgAUR)
- util-linux-libs (util-linux-libs-aesAUR, util-linux-libs-selinuxAUR)
- xdg-utils (busking-gitAUR, xdg-utils-slockAUR, mimiAUR, mimi-gitAUR, openerAUR, mimejs-gitAUR, xdg-utils-mimeoAUR)
- jack2 (jack2-gitAUR, jack2-gitAUR, pipewire-jack-gitAUR) (optional) – low-latency audio I/O
- libappindicator-gtk3 (libappindicator) (optional) – tray icon support
Latest Comments
AlfElFriki commented on 2026-05-28 19:36 (UTC)
A path-traversal vulnerability in Slopsmith's archive extractors allows arbitrary file write — and, with the default Docker configuration running as root, escalation to remote code execution via plugin drop. Every prior 0.2.x release is affected, including v0.2.8 stable and all 0.2.9 alphas (.1 through .4). Their release assets have been removed from GitHub. v0.2.9-alpha.5 is the only safe build.