DSA-3502-1 roundup -- roundupID: oval:org.secpod.oval:def:602402 | Date: (C)2016-03-11 (M)2021-09-11 |
Class: PATCH | Family: unix |
Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site administrator should ensure the instanced versions are also updated, either by patching them manually or by recreating them
Platform: |
Debian 8.x |
Debian 7.x |