Package: release.debian.org
Severity: important
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: p...@rolandgruber.de

[ Reason ]
Stored XSS and arbitrary image read vulnerability. See
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v

[ Impact ]
Security issue

[ Tests ]
Manual tests were done

[ Risks ]
Minimal risk, backport of latest release 7.9.1-1

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Backport of upstream fixes of 7.9.1 version. See
https://github.com/LDAPAccountManager/lam/commit/39c48502cfa61c682cfd5f0cac3e3a8a2c3c9dcf

[ Other info ]
Security team asked to add this to next point release. It would not justify a DSA.