DSA-1754 roundup -- insufficient access checksID: oval:org.mitre.oval:def:7366 | Date: (C)2009-12-15 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This means that the configuration may need updating. In addition, user registration via the web interface has been disabled; use the program "roundup-admin" from the command line instead.
Platform: |
Debian 5.0 |
Debian 4.0 |