Control: tag -1 confirmed

On Tue, Feb 14, 2023 at 02:26:58PM +0000, Carsten Schoenert wrote:
> [ Reason ]
> The version of flask-security in bullseye is affected by CVE-2021-23385.
> https://security-tracker.debian.org/tracker/CVE-2021-23385
>
> [ Impact ]
> Without that fix users of Flask based applications which use the
> get_post_logout_redirect and get_post_login_redirect functions might get
> a bypassed URL validation and redirect a user to an arbitrary URL.

Please go ahead.

> +Subject: A (hopeful) fix for possible open-redirect.

Nothing like confidence :D

Thanks,

-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
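
Review bot: the quoted Subject line of the patch header, "A (hopeful) fix for possible open-redirect.", does not say which issue the patch addresses. Naming CVE-2021-23385 and the two affected functions, get_post_logout_redirect and get_post_login_redirect, in the patch description would let a later reader match the patch to the tracker entry without needing this thread.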