Bug 32113

Summary: kanboard new security issue CVE-2023-36813
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: All Packagers <pkg-bugs>
Status: NEW --- QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: geiger.david68210
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA9TOO
Source RPM: kanboard-1.0.8-6.mga9.src.rpm CVE:
Status comment: Fixed upstream in 1.2.31

Description David Walser 2023-07-17 21:54:32 CEST
Debian has issued an advisory on July 16:
https://www.debian.org/security/2023/dsa-5454

The issue is fixed upstream in 1.2.31:
https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx

Mageia 8 is also affected.
David Walser 2023-07-17 21:54:51 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.2.31

Comment 1 Lewis Smith 2023-07-19 21:01:19 CEST
Little activity on this, various packagers, so assigning globally.

Assignee: bugsquad => pkg-bugs

Comment 2 David GEIGER 2024-06-15 09:21:10 CEST
Removing Mageia 8 from whiteboard due to EOL!

CC: (none) => geiger.david68210
Whiteboard: MGA8TOO => MGA9TOO