Package: roundup Version: 1.4.20-1.1+deb8u1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for roundup. CVE-2019-10904[0]: | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and | roundup/cgi/wsgi_handler.py mishandle 404 errors. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10904 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10904 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
