There are 3 open security issues in buster.
3 issues left for the package maintainer to handle:
- CVE-2020-25787:
(needs triaging)
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
- CVE-2020-25788:
(needs triaging)
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.
- CVE-2020-25789:
(needs triaging)
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
You can find information about how to handle these issues in the security team's documentation.