
Bug#1031279: bullseye-pu: package flask-security/4.0.0-1+deb11u1



Control: tag -1 confirmed

On Tue, Feb 14, 2023 at 02:26:58PM +0000, Carsten Schoenert wrote:
> [ Reason ]
> The version of flask-security in bullseye is affected by CVE-2021-23385.
> https://security-tracker.debian.org/tracker/CVE-2021-23385
> 
> [ Impact ]
> Without that fix, users of Flask-based applications which use the
> get_post_logout_redirect and get_post_login_redirect functions might get
> a bypassed URL validation and redirect a user to an arbitrary URL.

Please go ahead.

> +Subject: A (hopeful) fix for possible open-redirect.

Nothing like confidence :D


Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

