On Fri, Jan 15, 2021 at 08:59:31PM +0100, Salvatore Bonaccorso wrote: [...] > Admitelly the CVE description currently on MITRE is quite confusing > reffering to Flask-Security-Too package. But the other references > pointed out and reviewing the changes seem to apply to the original > project as well (I might miss something here).
I can answer this part myself "Flask-Security-Too" is the "upstream". flask-security (3.4.2-1) unstable; urgency=medium [...] * Switch upstream to Flask-Security-Too. [...] Regards, Salvatore