-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 Jul 2023 20:13:20 -0400
Source: kanboard
Architecture: source
Version: 1.2.26+ds-2+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Joseph Nahmias <je...@debian.org>
Changed-By: Joseph Nahmias <je...@debian.org>
Closes: 1036874 1037167 1040265
Changes:
 kanboard (1.2.26+ds-2+deb12u2) bookworm-security; urgency=high
 .
   * backport fix for CVE-2023-36813: Multiple Authenticated SQL Injections
     https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
     Fix picked from kanboard v1.2.31
     https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad
     (Closes: #1040265)
 .
 kanboard (1.2.26+ds-2+deb12u1) bookworm; urgency=high
 .
   * Cherry-pick security fixes from kanboard_1.2.26+ds-[34] for bookworm.
   * backport fix for CVE-2023-32685 from kanboard v1.2.29
     https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
     Based on upstream commits 26b6eeb & c9c1872.
     (cherry picked from commit d9b8d854f2d35831b04b84cfdda41cc7b49e3a28)
     (Closes: #1036874)
   * backport security fixes from kanboard v1.2.30.
      > CVE-2023-33956: Parameter based Indirect Object Referencing leading
        to private file exposure
      > CVE-2023-33968: Missing access control allows user to move and
        duplicate tasks to any project in the software
      > CVE-2023-33969: Stored XSS in the Task External Link Functionality
      > CVE-2023-33970: Missing access control in internal task links feature
     (cherry picked from commit 4ad0ad220613bbf04bef559addba8c363fdf0dfa)
     (Closes: #1037167)
   * point gbp & salsa at bookworm
Checksums-Sha1:
 67286f8f8d9468136f602dcabc366c8e9f189c84 2797 kanboard_1.2.26+ds-2+deb12u2.dsc
 71d224ceb1086b40603bf9b0a2f8dbc5cbeee0ed 974764 kanboard_1.2.26+ds.orig.tar.xz
 e779447aa41af05852f27af20f1c26eeeafac18f 18904 kanboard_1.2.26+ds-2+deb12u2.debian.tar.xz
 475008987c4be6b5a9db6b966504e9525cb2b4c3 11216 kanboard_1.2.26+ds-2+deb12u2_amd64.buildinfo
Checksums-Sha256:
 257197766cd6c6b38b954f402252082aedd8cec37b1bd1bfa1e8180b7a12bacf 2797 kanboard_1.2.26+ds-2+deb12u2.dsc
 89b68186c24bd13d33b883e807eee9a8c07e35c0d4b92e2f13803be3d0cfe653 974764 kanboard_1.2.26+ds.orig.tar.xz
 e26110f9c97df285f99a40f92bac2b80f0d23ecbfbbcbd902c3844292d15a093 18904 kanboard_1.2.26+ds-2+deb12u2.debian.tar.xz
 190e54f8a4518244ff753bbd07b992c4f5dfef1f76f03e11aba6874314e2e62a 11216 kanboard_1.2.26+ds-2+deb12u2_amd64.buildinfo
Files:
 03c5bf6da536bd27c4e59cec746fd5fa 2797 web optional kanboard_1.2.26+ds-2+deb12u2.dsc
 e572ec6c2b81d5a9df63d9ebf513de7a 974764 web optional kanboard_1.2.26+ds.orig.tar.xz
 9074f3fb03ffbedf358191fa063fd75d 18904 web optional kanboard_1.2.26+ds-2+deb12u2.debian.tar.xz
 8470c958bc45094c76b18e50129a4b40 11216 web optional kanboard_1.2.26+ds-2+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
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=MixI
-----END PGP SIGNATURE-----
