Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted kanboard 1.2.26+ds-4 (source) into unstable
Date: Thu, 08 Jun 2023 02:23:21 +0000
Signed by: Joe Nahmias <jello@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Jun 2023 20:45:40 -0400
Source: kanboard
Architecture: source
Version: 1.2.26+ds-4
Distribution: unstable
Urgency: medium
Maintainer: Joseph Nahmias <jello@debian.org>
Changed-By: Joseph Nahmias <jello@debian.org>
Closes: 1037167
Changes:
 kanboard (1.2.26+ds-4) unstable; urgency=medium
 .
   * backport security fixes from kanboard v1.2.30
      > CVE-2023-33956: Parameter based Indirect Object Referencing leading
        to private file exposure
      > CVE-2023-33968: Missing access control allows user to move and
        duplicate tasks to any project in the software
      > CVE-2023-33969: Stored XSS in the Task External Link Functionality
      > CVE-2023-33970: Missing access control in internal task links feature
     (Closes: #1037167)
Checksums-Sha1:
 1ff48b433817a7b18b5a9398551e479206f0c4c9 2765 kanboard_1.2.26+ds-4.dsc
 93f9b9aed95e55fe7356d75daa8bd6d54e15eb0e 18368 kanboard_1.2.26+ds-4.debian.tar.xz
 2f4a0c6e1feba292d36e7ed73b91f161a8f488b9 11442 kanboard_1.2.26+ds-4_amd64.buildinfo
Checksums-Sha256:
 0dd09115ba6b512ac93baddbe8896bd24b5b4700d551da598898bf8761bd685c 2765 kanboard_1.2.26+ds-4.dsc
 46f0dd53c1f66ac2aebf72ae4649d45644344e3b3fe127d26bb9db0bb8a05971 18368 kanboard_1.2.26+ds-4.debian.tar.xz
 533e1350c806ee7f0fca241aa053ae8fcc31a120d068fd4d6f74ec783aa1ed81 11442 kanboard_1.2.26+ds-4_amd64.buildinfo
Files:
 c63bb3ca67b67de40ef7c26b1ba08d18 2765 web optional kanboard_1.2.26+ds-4.dsc
 a95eb66ac18cd6c1859df0ed84876472 18368 web optional kanboard_1.2.26+ds-4.debian.tar.xz
 a697d468e6133a820a84179500cc6a96 11442 web optional kanboard_1.2.26+ds-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcxc7CTsDz7hRCK0UsRvZGQeaO5gFAmSBM7sACgkQsRvZGQea
O5i91A/9FvqEIUrD59X6SX7l87KtJ52fIaNmpVLGPWJAkHKmlOiBIiQWEmyi77GJ
dfMEc0QE7G03PnZz9/QlGFhvKa7lhYahv9mSzY5ZQoeDgfLbD4964QoNubfqKJ2D
MWhu6iMu+pWOWRnmeTDcv8gs2ccqLaro+MN6CdCl7pzXTr744ISqavcrEpUSjHWT
Usx1PAsWh9w89QhvsrS3+AjSC5BuBXB1rmdmiYFzXvKzp/F4gNagVLlktjDbLj9v
Kx1oGJ1juV0fRCJq/yQu2Kc+Jac9rWHzRyMscTcK2jhvenNmH3OYfuBh4sAQjKH4
9xg9d4P2dL2jJ91wGtpyZVrjUmFCdjwxrMVT2wH4EOskFvaU0xnoY5wo20D+HzT7
QnASFMBP3dIqwsn2BSDadFLtuDA6RgFQQm0XESJ7tjuupcluaJ8GqErVpghQdmvw
UuSQbWzKTBW+I1TQTOzAd2XmucmzVtmuakU3xKDdk7eKSZJ8OKFEFTEv5qjU8OuB
WrwqX48/smcXTRFExTOMYQEcAccqqtXxU9nAjeURDVbWBEbUjZrgi5vJ5cI+WR0b
1DZ4g+E/YeYWvy3Mc7tCMNPcOlB7qs0+drRR/flUhJGP4TNdv76D9BcxHZ6LFbcq
5Kz22V2lW6mCmLsY1itR7FtcHNsAke39bPWm+ylWXe3SEw6ccio=
=f1+u
-----END PGP SIGNATURE-----

News for package kanboard