There is 1 open security issue in bullseye.
1 issue left for the package maintainer to handle:
- CVE-2024-25715:
(needs triaging)
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
You can find information about how to handle this issue in the security team's documentation.
3 issues that should be fixed with the next stable update:
- CVE-2022-27240:
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.
- CVE-2022-29967:
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.
- CVE-2023-49208:
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.