There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2023-49208:
(needs triaging)
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.
- CVE-2024-25715:
(needs triaging)
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
You can find information about how to handle these issues in the security team's documentation.
2 issues that should be fixed with the next stable update:
- CVE-2022-27240:
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.
- CVE-2022-29967:
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.