Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1
Package: release.debian.org
Severity: important
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: post@rolandgruber.de
[ Reason ]
Stored XSS and arbitrary image read vulnerability.
See https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v
[ Impact ]
Security issue
[ Tests ]
Manual tests were done
[ Risks ]
Minimal risk, backport of latest release 7.9.1-1
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Backport of the upstream fixes from version 7.9.1. See https://github.com/LDAPAccountManager/lam/commit/39c48502cfa61c682cfd5f0cac3e3a8a2c3c9dcf
[ Other info ]
The security team asked to add this to the next point release. It would not justify a DSA.