Source: awl Version: 0.60-1 Severity: important Tags: security upstream Two security vulnerabilities were found in the awl package:
CVE-2020-11728 Session::__construct() allows use of the current time as a session key https://gitlab.com/davical-project/awl/-/issues/19 CVE-2020-11729 LSIDLogin() is insecure and can allow user impersonation https://gitlab.com/davical-project/awl/-/issues/18 All supported Debian releases are affected.