Source: buildbot
Version: 1.8.0-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for buildbot.

CVE-2019-7313[0]:
| www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the
| Location header of /auth/login and /auth/logout via the redirect
| parameter. This affects other web sites in the same domain.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-7313
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7313
[1] https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code

Regards,
Salvatore
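The class of bug described in the CVE text, as an added example that is not part of the original report and is not Buildbot's actual patch: a redirect parameter copied into a Location header unchecked, next to a check that rejects control characters before the header is built. All function names and sample values are constructed for illustration.

```python
from urllib.parse import unquote

# Characters that must never reach a header value: every C0 control
# (this includes CR and LF) and DEL.
_FORBIDDEN = {chr(c) for c in range(0x20)} | {"\x7f"}


def has_header_break(value: str) -> bool:
    """True if value holds a control character, raw or percent-encoded."""
    # Conservative policy: decode a few times so a double-encoded sequence
    # is caught even if a later layer decodes the value again.
    seen = value
    for _ in range(3):
        if any(ch in _FORBIDDEN for ch in seen):
            return True
        decoded = unquote(seen)
        if decoded == seen:
            return False
        seen = decoded
    return any(ch in _FORBIDDEN for ch in seen)


def naive_location_header(redirect: str) -> bytes:
    """Unsafe pattern: the parameter is copied into the header unchecked."""
    return b"Location: " + redirect.encode("utf-8") + b"\r\n"


def location_header(redirect: str, default: str = "/") -> bytes:
    """Checked pattern: fall back to a fixed target on unsafe input."""
    target = default if has_header_break(redirect) else redirect
    return b"Location: " + target.encode("utf-8") + b"\r\n"


def count_header_lines(raw: bytes) -> int:
    """Number of header lines a client would parse out of raw."""
    return len([line for line in raw.split(b"\r\n") if line])


# Constructed sample values for the redirect parameter.
SAMPLES = [
    "/#/builders",               # ordinary in-application target
    "/\r\nX-Injected: 1",        # raw CRLF, as seen after the framework decodes it
    "/%0d%0aX-Injected: 1",      # percent-encoded CRLF
    "/%250d%250aX-Injected: 1",  # double-encoded CRLF
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), count_header_lines(naive_location_header(s)), location_header(s))
```

With the raw CRLF sample, the unchecked builder emits two header lines where one was intended; the checked builder emits a single `Location: /` line for every unsafe sample.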