[ubuntu/focal-security] flask-security 1.7.5-2ubuntu0.20.04.1 (Accepted)

Eduardo Barretto eduardo.barretto at canonical.com
Tue May 28 09:07:08 UTC 2024


flask-security (1.7.5-2ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Possible open redirect vulnerability
    - debian/patches/CVE-2021-23385.patch: Updated
      flask_security/core.py, flask_security/utils.py and tests/test_misc.py
      to prevent possible URL validation bypass and user redirection to an
      arbitrary URL by providing multiple backslashes such as
      \\\evil.com/path.
    - CVE-2021-23385

Date: 2024-05-27 13:12:13.819786+00:00
Changed-By: Chrisa Oikonomou <chrisa.oikonomou at canonical.com>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/flask-security/1.7.5-2ubuntu0.20.04.1
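
The check this update concerns, as an added example that is not part of the announcement and is not the flask-security patch: a redirect validator that compares hosts only on Python's parse of the URL accepts the \\\evil.com/path form, because urlsplit() sees a relative path where a browser, which reads "\" as "/" in http(s) URLs, sees a host. APP_HOST and both function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed value standing in for the application's own host (assumption).
APP_HOST = "app.example"

# The form quoted in the changelog entry: three backslashes, then a host.
CHANGELOG_FORM = r"\\\evil.com/path"


def naive_is_local(target: str) -> bool:
    """Host comparison only: passes anything urlsplit() reads as relative."""
    parts = urlsplit(target)
    return not parts.netloc or parts.netloc == APP_HOST


def is_safe_redirect(target: str) -> bool:
    """Accept only same-site targets, judged the way a browser reads them."""
    if not target or not target.strip():
        return False
    # Browsers drop or trim whitespace and control characters, so a value
    # containing them can be validated as one URL and followed as another.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" as "/" in http(s) URLs: normalise before parsing.
    normalised = target.replace("\\", "/")
    # Two or more leading slashes make a scheme-relative URL (//host/path).
    if normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # Absolute URLs are allowed only for this application's own host.
        return parts.scheme in ("http", "https") and parts.netloc == APP_HOST
    # Everything else must be an absolute path on this site.
    return normalised.startswith("/")


if __name__ == "__main__":
    samples = [CHANGELOG_FORM, "/account/settings", "https://app.example/home",
               "//evil.example/path", "/\\evil.example", "javascript:alert(1)"]
    for sample in samples:
        print(f"{sample!r:32} naive={naive_is_local(sample)!s:5} "
              f"hardened={is_safe_redirect(sample)}")
```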