Bug#1010531: marked as done (bullseye-pu: package ldap-account-manager/7.4-1)
Your message dated Tue, 05 Jul 2022 19:37:31 +0100
with message-id <c3d5ea44392bff79440eaf40fa2764590fb1cf47.camel@adam-barratt.org.uk>
and subject line Re: Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1
has caused the Debian Bug report #1010531,
regarding bullseye-pu: package ldap-account-manager/7.4-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1010531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010531
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bullseye-pu: package ldap-account-manager/7.4-1
- From: Roland Gruber <post@rolandgruber.de>
- Date: Tue, 03 May 2022 20:18:37 +0200
- Message-id: <165160191720.28896.12319515083943920719.reportbug@lappi>
Package: release.debian.org
Severity: important
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: post@rolandgruber.de
[ Reason ]
Stored XSS and arbitrary image read vulnerability.
See https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v
[ Impact ]
Security issue
[ Tests ]
Manual tests were done
[ Risks ]
Minimal risk, backport of latest release 7.9.1-1
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Backport of upstream fixes of 7.9.1 version. See https://github.com/LDAPAccountManager/lam/commit/39c48502cfa61c682cfd5f0cac3e3a8a2c3c9dcf
[ Other info ]
Security team asked to add this to next point release. It would not justify a DSA.
--- End Message ---
--- Begin Message ---
- To: Roland Gruber <post@rolandgruber.de>, 1010531-done@bugs.debian.org
- Subject: Re: Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Tue, 05 Jul 2022 19:37:31 +0100
- Message-id: <c3d5ea44392bff79440eaf40fa2764590fb1cf47.camel@adam-barratt.org.uk>
- In-reply-to: <165160191720.28896.12319515083943920719.reportbug@lappi>
- References: <165160191720.28896.12319515083943920719.reportbug@lappi>
On Tue, 2022-05-03 at 20:18 +0200, Roland Gruber wrote:
> [ Reason ]
> Stored XSS and arbitrary image read vulnerability.
> See
> https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v
>
[...]
> [ Other info ]
> Security team asked to add this to next point release. It would not
> justify a DSA.
>
Apparently other issues did, as DSA-5177-1 was just released fixing the
mentioned issue and some others.
As the package discussed in this request was never actually uploaded,
I'm going to close this request now.
Regards,
Adam
--- End Message ---
Reply to: