-------------------------------------------------------------------------
Debian LTS Advisory DLA-3494-1              debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Chris Lamb
July 12, 2023                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-doorkeeper
Version        : 4.4.2-1+deb10u1
CVE ID         : CVE-2023-34246
Debian Bug     : 1038950

It was discovered that there was an issue in ruby-doorkeeper, an OAuth2
provider for Ruby on Rails applications.

Doorkeeper automatically processed authorization requests without user
consent for public clients that have been previously approved, but public
clients are inherently vulnerable to impersonation as their identity cannot
be assured.

For Debian 10 buster, this problem has been fixed in version
4.4.2-1+deb10u1.

We recommend that you upgrade your ruby-doorkeeper packages.

For the detailed security status of ruby-doorkeeper please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-doorkeeper

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
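
The consent decision described above, modelled as an added example (not code from Doorkeeper or from the Debian patch). All class, method and client names are hypothetical, and the hardened rule of always prompting for public clients is an assumption about one way to close the gap.

```ruby
# Constructed model of an OAuth2 authorization endpoint's consent decision.
# Every name here is hypothetical; this is not Doorkeeper's API.
require "set"

Client = Struct.new(:id, :confidential, keyword_init: true)
Grant  = Struct.new(:user, :client_id, :scopes, keyword_init: true)

class ConsentPolicy
  def initialize(grants)
    @grants = grants
  end

  # True when the user already approved this client_id for every requested scope.
  def previously_approved?(user, client, scopes)
    wanted = Set.new(scopes)
    @grants.any? do |g|
      g.user == user && g.client_id == client.id && wanted.subset?(Set.new(g.scopes))
    end
  end

  # Behaviour the advisory describes: any earlier approval skips the consent
  # screen, whether or not the client can authenticate itself.
  def decide_before_fix(user, client, scopes)
    previously_approved?(user, client, scopes) ? :auto_approve : :prompt_user
  end

  # Hardened (assumed rule): a public client holds no secret, so an earlier
  # approval of its client_id does not identify who is asking now.
  def decide_hardened(user, client, scopes)
    return :prompt_user unless client.confidential
    previously_approved?(user, client, scopes) ? :auto_approve : :prompt_user
  end
end

# Constructed sample data: one confidential and one public client.
def demo
  web    = Client.new(id: "web-backend", confidential: true)
  mobile = Client.new(id: "mobile-app", confidential: false)
  policy = ConsentPolicy.new([
    Grant.new(user: "alice", client_id: "web-backend", scopes: %w[read]),
    Grant.new(user: "alice", client_id: "mobile-app", scopes: %w[read write])
  ])
  { public_before:      policy.decide_before_fix("alice", mobile, %w[read]),
    public_after:       policy.decide_hardened("alice", mobile, %w[read]),
    confidential_after: policy.decide_hardened("alice", web, %w[read]),
    wider_scope_after:  policy.decide_hardened("alice", web, %w[read write]) }
end

demo.each { |name, decision| puts "#{name}: #{decision}" } if __FILE__ == $PROGRAM_NAME
```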