Accepted kanboard 1.2.26+ds-2+deb12u2 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted kanboard 1.2.26+ds-2+deb12u2 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 22 Jul 2023 16:02:09 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: kanboard_1.2.26+ds-2+deb12u2_source.changes
- Debian-source: kanboard
- Debian-suite: proposed-updates
- Debian-version: 1.2.26+ds-2+deb12u2
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qNF3Z-004Uat-4P@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 12 Jul 2023 20:13:20 -0400
Source: kanboard
Architecture: source
Version: 1.2.26+ds-2+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Joseph Nahmias <jello@debian.org>
Changed-By: Joseph Nahmias <jello@debian.org>
Closes: 1036874 1037167 1040265
Changes:
kanboard (1.2.26+ds-2+deb12u2) bookworm-security; urgency=high
.
* backport fix for CVE-2023-36813: Multiple Authenticated SQL Injections
https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
Fix picked from kanboard v1.2.31
https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad
(Closes: #1040265)
.
kanboard (1.2.26+ds-2+deb12u1) bookworm; urgency=high
.
* Cherry-pick security fixes from kanboard_1.2.26+ds-[34] for bookworm.
* backport fix for CVE-2023-32685 from kanboard v1.2.29
https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
Based on upstream commits 26b6eeb & c9c1872.
(cherry picked from commit d9b8d854f2d35831b04b84cfdda41cc7b49e3a28)
(Closes: #1036874)
* backport security fixes from kanboard v1.2.30.
> CVE-2023-33956: Parameter based Indirect Object Referencing leading
to private file exposure
> CVE-2023-33968: Missing access control allows user to move and
duplicate tasks to any project in the software
> CVE-2023-33969: Stored XSS in the Task External Link Functionality
> CVE-2023-33970: Missing access control in internal task links feature
(cherry picked from commit 4ad0ad220613bbf04bef559addba8c363fdf0dfa)
(Closes: #1037167)
* point gbp & salsa at bookworm
Checksums-Sha1:
67286f8f8d9468136f602dcabc366c8e9f189c84 2797 kanboard_1.2.26+ds-2+deb12u2.dsc
71d224ceb1086b40603bf9b0a2f8dbc5cbeee0ed 974764 kanboard_1.2.26+ds.orig.tar.xz
e779447aa41af05852f27af20f1c26eeeafac18f 18904 kanboard_1.2.26+ds-2+deb12u2.debian.tar.xz
475008987c4be6b5a9db6b966504e9525cb2b4c3 11216 kanboard_1.2.26+ds-2+deb12u2_amd64.buildinfo
Checksums-Sha256:
257197766cd6c6b38b954f402252082aedd8cec37b1bd1bfa1e8180b7a12bacf 2797 kanboard_1.2.26+ds-2+deb12u2.dsc
89b68186c24bd13d33b883e807eee9a8c07e35c0d4b92e2f13803be3d0cfe653 974764 kanboard_1.2.26+ds.orig.tar.xz
e26110f9c97df285f99a40f92bac2b80f0d23ecbfbbcbd902c3844292d15a093 18904 kanboard_1.2.26+ds-2+deb12u2.debian.tar.xz
190e54f8a4518244ff753bbd07b992c4f5dfef1f76f03e11aba6874314e2e62a 11216 kanboard_1.2.26+ds-2+deb12u2_amd64.buildinfo
Files:
03c5bf6da536bd27c4e59cec746fd5fa 2797 web optional kanboard_1.2.26+ds-2+deb12u2.dsc
e572ec6c2b81d5a9df63d9ebf513de7a 974764 web optional kanboard_1.2.26+ds.orig.tar.xz
9074f3fb03ffbedf358191fa063fd75d 18904 web optional kanboard_1.2.26+ds-2+deb12u2.debian.tar.xz
8470c958bc45094c76b18e50129a4b40 11216 web optional kanboard_1.2.26+ds-2+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----