Package: glewlwyd Version: 2.5.2-2+deb11u1 Severity: important Tags: patch
-- System Information: Debian Release: 11.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages glewlwyd depends on: ii dbconfig-pgsql 2.0.19 ii debconf [debconf-2.0] 1.5.77 pn glewlwyd-common <none> ii init-system-helpers 1.60 ii libc6 2.31-13+deb11u2 ii libcbor0 0.5.0+dfsg-2 ii libconfig9 1.5-0.4 ii libcrypt1 1:4.4.18-4 ii libgnutls30 3.7.1-5 pn libhoel1.4 <none> pn libiddawc0.9 <none> ii libjansson4 2.13.1-1.1 ii libldap-2.4-2 2.4.57+dfsg-3 ii libnettle8 3.7.3-1 ii liboath0 2.6.6-3 pn liborcania2.1 <none> pn librhonabwy0.9 <none> pn libulfius2.7 <none> pn libyder2.0 <none> ii lsb-base 11.1.0 ii sqlite3 3.34.1-3 ii ucf 3.0043 ii zlib1g 1:1.2.11.dfsg-2 glewlwyd recommends no packages. Versions of packages glewlwyd suggests:
Description: Fix escalation privilege Author: Nicolas Mora <babelou...@debian.org> Forwarded: not-needed --- a/src/webservice.c +++ b/src/webservice.c @@ -259,10 +259,6 @@ if (check_result_value(j_result, G_ERROR_UNAUTHORIZED)) { y_log_message(Y_LOG_LEVEL_WARNING, "Security - Authorization invalid for username %s at IP Address %s", json_string_value(json_object_get(j_param, "username")), ip_source); } - if ((session_uid = get_session_id(config, request)) != NULL && user_session_update(config, session_uid, u_map_get_case(request->map_header, "user-agent"), issued_for, json_string_value(json_object_get(j_param, "username")), NULL, 1) != G_OK) { - y_log_message(Y_LOG_LEVEL_ERROR, "callback_glewlwyd_user_auth - Error user_session_update (2)"); - } - o_free(session_uid); response->status = 401; } json_decref(j_result);