Accepted kanboard 1.2.26+ds-2+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted kanboard 1.2.26+ds-2+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 28 Jun 2023 07:52:57 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: kanboard_1.2.26+ds-2+deb12u1_source.changes
- Debian-source: kanboard
- Debian-suite: proposed-updates
- Debian-version: 1.2.26+ds-2+deb12u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=ALd8NFmK3/r1G6clX9l6xJUWldBYNPerrFFqGf7nv/Y=; b=NM9Qcz5EfyxYv64W2qg8OO3uVC HF6AnbGHJqDw7xpB1SY4pFCx+cNoXXpRvyK/SoHD68T8RNRiAb55Nv/Gl19POWkQvf8L9AW3mFtXi D4SQGkbpqrwvPCi3TOHD96WZ+gv6cFvw4lpOXrA5IwwEPeKsCnffx0GFVOoy3iwS/3TN3rlqTCsRR 1YB5AbeD9g+MAsx6+K3zwBhjQHNQpnRQvjmLDqn5FvxTRdElumhHJoUes+ybiqjIT9/9wxjSKjVoS qOGWYKOVm865seCsCnGnIu9T2T28gHtSRs6io8r3EDLh3YxRveuqxfznvQmAIha5DfqxlXUW+S7Ov n4aTLjjA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qEPyz-005EfR-NW@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 15 Jun 2023 23:02:33 -0400
Source: kanboard
Architecture: source
Version: 1.2.26+ds-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Joseph Nahmias <jello@debian.org>
Changed-By: Joseph Nahmias <jello@debian.org>
Closes: 1036874 1037167
Changes:
kanboard (1.2.26+ds-2+deb12u1) bookworm; urgency=high
.
* Cherry-pick security fixes from kanboard_1.2.26+ds-[34] for bookworm.
* backport fix for CVE-2023-32685 from kanboard v1.2.29
https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
Based on upstream commits 26b6eeb & c9c1872.
(cherry picked from commit d9b8d854f2d35831b04b84cfdda41cc7b49e3a28)
(Closes: #1036874)
* backport security fixes from kanboard v1.2.30.
> CVE-2023-33956: Parameter based Indirect Object Referencing leading
to private file exposure
> CVE-2023-33968: Missing access control allows user to move and
duplicate tasks to any project in the software
> CVE-2023-33969: Stored XSS in the Task External Link Functionality
> CVE-2023-33970: Missing access control in internal task links feature
(cherry picked from commit 4ad0ad220613bbf04bef559addba8c363fdf0dfa)
(Closes: #1037167)
* point gbp & salsa at bookworm
Checksums-Sha1:
6d39d4ef8df484a68b9c272ce92cdbd62acbd694 2797 kanboard_1.2.26+ds-2+deb12u1.dsc
35493fa22de1e6ce3b6151f9435d40c7e1243b0e 18472 kanboard_1.2.26+ds-2+deb12u1.debian.tar.xz
42cf644ea0ad2153e47ea04c6ec573e97a2a68ea 11216 kanboard_1.2.26+ds-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
cc60e6992239d3493233ee7255d58d3e7fe2cfe69c5dd34dbd08708a226f0dbd 2797 kanboard_1.2.26+ds-2+deb12u1.dsc
627195d2f7066921c684ea5baa58063117080dc07478ea7ecba04da1a9c3274b 18472 kanboard_1.2.26+ds-2+deb12u1.debian.tar.xz
9109e9219cb325816619b7066afd4fecf18de49f0d5346ecbffeccb974caec2d 11216 kanboard_1.2.26+ds-2+deb12u1_amd64.buildinfo
Files:
6a8a619c02d20da64250f3e22d206065 2797 web optional kanboard_1.2.26+ds-2+deb12u1.dsc
05ef2c8593648613528d8b32b8eda5c0 18472 web optional kanboard_1.2.26+ds-2+deb12u1.debian.tar.xz
89f73bfa18f310d979489a839e6709e2 11216 web optional kanboard_1.2.26+ds-2+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcxc7CTsDz7hRCK0UsRvZGQeaO5gFAmSblK8ACgkQsRvZGQea
O5jnbA//awO7eMAtuUy+gSRvM6k2ahTs0cF/BP/6wWRVrlnGGnrgJclkDsbVrM7B
oEzHzIFUTcmleRQvcJ8X9tuFqpZoefKGLhVIwRZxoB3MG5/L687cLtQT83/JJjTd
GN6/xeFqPrby+LSNytpwU1jwY3JtfEzrzepzDp+JzpP42GXbxAaSKvlWPfpxz1db
AC3BCA8Einbyp7WyqK02NIaw8XrixK1NOGa5kpdFgu8aOcJiStdZkHUYlvemAV2z
Ch/6Zp2WBIjo72o2zYkk+6YmGD+wkGnvVfii2XcmWm6X7DWy73pt3JrsJhUvXicE
l0sFmQT+KGj+uGohwWAClNL/unPWUeyKGbbjngN/7u32wHURjjI3kHqP/A8esqgf
BQPrVqoJHWy9XMF0z29KwDkoxb8UuddqivASp8yALy3IcD9soexuC2TvStDXXlSt
Yv98KlTfIiE/k8C3kZozd3HMS/hn1Z8E7PrdCqE+nlLzMPjKwd1R4qj6dLfI43wW
4p+lz3aNeRVFrWowjIMTC+Ig8+ZfM0/Teunj9CHMHIemU21BYlJ+DPFxoJjGV69f
iOhLvSfILbPsGHr4E4McDagdEK+zpg2MsqQaV61o1ZUGZdLY3dGinU2tWOO7PeMJ
dwyqYffABpDHPBN/e7WiT8uv2trr23Tz521kOO99VI5Gmz3dXIg=
=yfdh
-----END PGP SIGNATURE-----