Bug#986224: buster-pu: package plinth/19.1+deb10u1
Control: tags -1 + confirmed
On Wed, 2021-03-31 at 21:50 -0400, James Valleroy wrote:
> A security issue was found and reported to the security team:
> https://security-tracker.debian.org/tracker/TEMP-0000000-3E4AC3
>
> Since the impact is limited to specific use cases, they did not issue
> a DSA. A CVE has been requested but it still pending.
>
> Description: After entering the first run wizard secret, other
> web-sessions can continue the first run wizard without being asked
> for
> the first run wizard secret.
>
Please go ahead.
Regards,
Adam
Reply to: