Package: schleuder
Version: 4.0.3-7
Severity: important
Forwarded: https://0xacab.org/schleuder/schleuder/-/issues/530
Tags: bookworm fixed-upstream security upstream

Schleuder parses a request like

    x-subscribe: [email protected] <[email protected]> DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF

as

    x-subscribe: [email protected] NULL TRUE

which assigns 'admin' privileges to this subscription.

This is dangerous behaviour. Unexpected input should always throw an error, especially where admin permissions are being assigned.
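
The strict parsing this report asks for, as an added Ruby example that is not part of the original report and is not Schleuder's code. The argument grammar (address, optional fingerprint, optional admin flag, optional delivery flag), the delivery default, all function and constant names, and the sample addresses are assumptions made for illustration.

```ruby
# Added illustration, not Schleuder's implementation.
# Assumed grammar: <address> [<fingerprint>] [<admin: true|false> [<delivery: true|false>]]
class SubscribeArgumentError < ArgumentError; end

ADDRESS_RE     = /\A[^\s<>@]+@[^\s<>@]+\z/
FINGERPRINT_RE = /\A(?:0x)?(?:\h{40}|\h{32})\z/i
BOOLEAN_RE     = /\A(?:true|false)\z/i

# Parse the argument string of an x-subscribe request.
# Any token that does not fit the grammar raises instead of being guessed at.
def parse_subscribe_args(raw)
  tokens = raw.to_s.split
  raise SubscribeArgumentError, 'missing address' if tokens.empty?

  address = tokens.shift
  raise SubscribeArgumentError, "invalid address: #{address.inspect}" unless address.match?(ADDRESS_RE)

  # The second token is a fingerprint unless it is already a boolean flag.
  fingerprint = nil
  if tokens.first && !tokens.first.match?(BOOLEAN_RE)
    fingerprint = tokens.shift
    unless fingerprint.match?(FINGERPRINT_RE)
      raise SubscribeArgumentError, "invalid fingerprint: #{fingerprint.inspect}"
    end
    fingerprint = fingerprint.sub(/\A0x/i, '').upcase
  end

  # At most two flags may follow; anything beyond that is rejected.
  flags = tokens.shift(2)
  raise SubscribeArgumentError, "unexpected trailing input: #{tokens.inspect}" unless tokens.empty?
  flags.each do |flag|
    raise SubscribeArgumentError, "invalid flag: #{flag.inspect}" unless flag.match?(BOOLEAN_RE)
  end

  {
    address: address,
    fingerprint: fingerprint,
    admin: flags[0].to_s.casecmp?('true'), # admin only on an explicit "true"
    delivery: flags[1].nil? || flags[1].casecmp?('true') # assumed default: true
  }
end
```

With this shape, a request of the form shown in the report (address, bracketed address, fingerprint) fails at the fingerprint check and no subscription is created.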
