Bug#1031279: bullseye-pu: package flask-security/4.0.0-1+deb11u1
Control: tag -1 confirmed
On Tue, Feb 14, 2023 at 02:26:58PM +0000, Carsten Schoenert wrote:
> [ Reason ]
> The version of flask-security in bullseye is affected by CVE-2021-23385.
> https://security-tracker.debian.org/tracker/CVE-2021-23385
>
> [ Impact ]
> Without that fix, users of Flask-based applications which are using the
> get_post_logout_redirect and get_post_login_redirect functions might get
> a bypassed URL validation and redirect a user to an arbitrary URL.
Please go ahead.
> +Subject: A (hopeful) fix for possible open-redirect.
Nothing like confidence :D
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1