Bug#986224: buster-pu: package plinth/19.1+deb10u1

To: James Valleroy <jvalleroy@mailbox.org>, 986224@bugs.debian.org
Subject: Bug#986224: buster-pu: package plinth/19.1+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 19 Apr 2021 19:54:53 +0100
Message-id: <[🔎] 0704c3a17237c7a96cb1bea7b78e99ce8b9ade73.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 986224@bugs.debian.org
In-reply-to: <[🔎] 161724180191.188860.5680061318384184925.reportbug@compbook.jvalleroy.me>
References: <[🔎] 161724180191.188860.5680061318384184925.reportbug@compbook.jvalleroy.me> <[🔎] 161724180191.188860.5680061318384184925.reportbug@compbook.jvalleroy.me>

Control: tags -1 + confirmed

On Wed, 2021-03-31 at 21:50 -0400, James Valleroy wrote:
> A security issue was found and reported to the security team:
> https://security-tracker.debian.org/tracker/TEMP-0000000-3E4AC3
> 
> Since the impact is limited to specific use cases, they did not issue
> a DSA. A CVE has been requested but it still pending.
> 
> Description: After entering the first run wizard secret, other
> web-sessions can continue the first run wizard without being asked
> for
> the first run wizard secret.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#986224: buster-pu: package plinth/19.1+deb10u1
  - From: James Valleroy <jvalleroy@mailbox.org>

Prev by Date: Bug#985943: buster-pu: package node-hosted-git-info/2.7.1-1+deb10u1
Next by Date: Processed: Re: Bug#986224: buster-pu: package plinth/19.1+deb10u1
Previous by thread: Bug#986224: buster-pu: package plinth/19.1+deb10u1
Next by thread: Processed: Re: Bug#986224: buster-pu: package plinth/19.1+deb10u1
Index(es):
- Date
- Thread