Source: roundup Version: 1.4.20-1 Severity: grave Tags: security upstream fixed-upstream wheezy jessie stretch sid
Hi https://www.debian.org/security/2016/dsa-3502: |Ralf Schlatterbeck discovered an information leak in roundup, a |web-based issue tracking system. An authenticated attacker could use |it to see sensitive details about other users, including their hashed |password. The purpose of this bug is to have a RC bug for roundup. roundup has long seen any new upstream releases. >From Kai Storbeck it looks the way forward would be to have roundup removed for unstable and stretch. Kai can you confirm that this is still the plan vs. update to new upstream releases? If so can you fill afer discussion with the Python App team a removal request? Regards, Salvatore
