Bug#984604: buster-pu: package sabnzbdplus/2.3.6+dfsg-1

To: Jeroen Ploemen <linux@jcf.pm>, 984604@bugs.debian.org
Subject: Bug#984604: buster-pu: package sabnzbdplus/2.3.6+dfsg-1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 13 Mar 2021 18:45:34 +0000
Message-id: <[🔎] 952b8d814748454951e85291c8c790307ca93f0c.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 984604@bugs.debian.org
In-reply-to: <[🔎] 20210305200050.08c6bdca@vip.jcf.pm>
References: <[🔎] 20210305200050.08c6bdca@vip.jcf.pm> <[🔎] 20210305200050.08c6bdca@vip.jcf.pm>

Control: tags -1 + confirmed

On Fri, 2021-03-05 at 20:00 +0100, Jeroen Ploemen wrote:
> The sabnzbdplus package in buster is affected by a security issue
> (CVE-2020-13124), permitting code execution from the program's web
> interface through crafted settings. By default, the web interface is
> only accessible from localhost, with no authentication required.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#984604: buster-pu: package sabnzbdplus/2.3.6+dfsg-1
  - From: Jeroen Ploemen <linux@jcf.pm>

Prev by Date: Bug#983051: buster-pu: package xterm/344-1+deb10u1
Next by Date: Processed: Re: Bug#984604: buster-pu: package sabnzbdplus/2.3.6+dfsg-1
Previous by thread: Bug#984604: buster-pu: package sabnzbdplus/2.3.6+dfsg-1
Next by thread: Processed: Re: Bug#984604: buster-pu: package sabnzbdplus/2.3.6+dfsg-1
Index(es):
- Date
- Thread