Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1
From: Roland Gruber <post@rolandgruber.de>
Date: Tue, 03 May 2022 20:18:37 +0200
Message-id: <[🔎] 165160191720.28896.12319515083943920719.reportbug@lappi>
Reply-to: Roland Gruber <post@rolandgruber.de>, 1010531@bugs.debian.org

Package: release.debian.org
Severity: important
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: post@rolandgruber.de


[ Reason ]
Stored XSS and arbitrary image read vulnerability.
See https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v

[ Impact ]
Security issue

[ Tests ]
Manual tests were done

[ Risks ]
Minimal risk, backport of latest release 7.9.1-1

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Backport of upstream fixes of 7.9.1 version. See https://github.com/LDAPAccountManager/lam/commit/39c48502cfa61c682cfd5f0cac3e3a8a2c3c9dcf

[ Other info ]
Security team asked to add this to next point release. It would not justify a DSA.

Reply to:

Follow-Ups:
- Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#1010422: transition: r-api-bioc-3.15
Next by Date: Bug#1010531: Acknowledgement (bullseye-pu: package ldap-account-manager/7.4-1)
Previous by thread: Bug#1010468: marked as done (transition: gnat-11)
Next by thread: Bug#1010531: Acknowledgement (bullseye-pu: package ldap-account-manager/7.4-1)
Index(es):
- Date
- Thread