[Secure-testing-team] Bug#816780: roundup: CVE-2014-6276: information leak
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 5 07:45:53 UTC 2016
Source: roundup
Version: 1.4.20-1
Severity: grave
Tags: security upstream fixed-upstream wheezy jessie stretch sid
Hi
https://www.debian.org/security/2016/dsa-3502:
|Ralf Schlatterbeck discovered an information leak in roundup, a
|web-based issue tracking system. An authenticated attacker could use
|it to see sensitive details about other users, including their hashed
|password.
The purpose of this bug is to have a RC bug for roundup. roundup has
long seen any new upstream releases.
From Kai Storbeck it looks the way forward would be to have roundup
removed for unstable and stretch. Kai can you confirm that this is
still the plan vs. update to new upstream releases?
If so can you file after discussion with the Python App team a removal
request?
Regards,
Salvatore