Merge ~yomonokio/ubuntu-cve-tracker:flask-security into ubuntu-cve-tracker:master

Proposed by Chrisa Oikonomou
Status: Merged
Merged at revision: 20ec2307951c6791d1cd0d539b0c6fe84c4bb97a
Proposed branch: ~yomonokio/ubuntu-cve-tracker:flask-security
Merge into: ubuntu-cve-tracker:master
Diff against target: 130 lines (+44/-31)
3 files modified
active/CVE-2021-21241 (+10/-10)
active/CVE-2021-23385 (+19/-12)
active/CVE-2021-32618 (+15/-9)
Reviewer: Eduardo Barretto (Status: Approve)
Review via email: mp+466293@code.launchpad.net

Commit message

Triage flask-security CVEs and assign CVE-2021-23385

Description of the change

Triage flask-security CVEs and assign CVE-2021-23385

Eduardo Barretto (ebarretto) wrote :

thanks for addressing my comments
lgtm, thanks!

review: Approve

Preview Diff

1diff --git a/active/CVE-2021-21241 b/active/CVE-2021-21241
2index ba7dd07..e99b51d 100644
3--- a/active/CVE-2021-21241
4+++ b/active/CVE-2021-21241
5@@ -32,23 +32,23 @@ CVSS:
6
7
8 Patches_flask-security:
9-upstream_flask-security: needs-triage
10+upstream_flask-security: released (3.4.5)
11 precise/esm_flask-security: DNE
12 trusty_flask-security: ignored (end of standard support)
13 trusty/esm_flask-security: DNE
14 xenial_flask-security: DNE
15 bionic_flask-security: ignored (end of standard support, was needs-triage)
16-esm-apps/bionic_flask-security: needs-triage
17-focal_flask-security: needs-triage
18-esm-apps/focal_flask-security: needs-triage
19+esm-apps/bionic_flask-security: not-affected (code not present)
20+focal_flask-security: not-affected (code not present)
21+esm-apps/focal_flask-security: not-affected (code not present)
22 groovy_flask-security: ignored (end of life)
23 hirsute_flask-security: ignored (end of life)
24 impish_flask-security: ignored (end of life)
25-jammy_flask-security: needs-triage
26-esm-apps/jammy_flask-security: needs-triage
27+jammy_flask-security: not-affected (3.4.5)
28+esm-apps/jammy_flask-security: not-affected (3.4.5)
29 kinetic_flask-security: ignored (end of life, was needs-triage)
30 lunar_flask-security: ignored (end of life, was needs-triage)
31-mantic_flask-security: needs-triage
32-noble_flask-security: needs-triage
33-esm-apps/noble_flask-security: needs-triage
34-devel_flask-security: needs-triage
35+mantic_flask-security: not-affected (3.4.5)
36+noble_flask-security: not-affected (3.4.5)
37+esm-apps/noble_flask-security: not-affected (3.4.5)
38+devel_flask-security: not-affected (3.4.5)
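Review bot: The not-affected lines give two different reasons, "(code not present)" for esm-apps/bionic, focal and esm-apps/focal and "(3.4.5)" for jammy onward, and nothing in this hunk records how either was established. A short Notes entry stating which packaged version bionic and focal carry and where the affected code first appeared would let a later triager verify the "code not present" status. It is also worth confirming that "3.4.5" on the release lines is meant as the upstream fixed version, since upstream_flask-security already carries the same string.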
39diff --git a/active/CVE-2021-23385 b/active/CVE-2021-23385
40index f35a8d3..d2e61c3 100644
41--- a/active/CVE-2021-23385
42+++ b/active/CVE-2021-23385
43@@ -20,24 +20,31 @@ Mitigation:
44 Bugs:
45 Priority: medium
46 Discovered-by:
47-Assigned-to:
48+Assigned-to: yomonokio
49 CVSS:
50 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]
51
52
53 Patches_flask-security:
54-upstream_flask-security: needs-triage
55-trusty_flask-security: DNE
56+upstream_flask-security: released (4.0.0-1+deb11u1)
57+precise/esm_flask-security: DNE
58+trusty_flask-security: ignored (end of standard support)
59+trusty/esm_flask-security: DNE
60 xenial_flask-security: DNE
61 bionic_flask-security: ignored (end of standard support, was needs-triage)
62-esm-apps/bionic_flask-security: needs-triage
63-focal_flask-security: needs-triage
64-esm-apps/focal_flask-security: needs-triage
65-jammy_flask-security: needs-triage
66-esm-apps/jammy_flask-security: needs-triage
67+esm-apps/bionic_flask-security: needed
68+focal_flask-security: needed
69+esm-apps/focal_flask-security: needed
70+groovy_flask-security: ignored (end of life)
71+hirsute_flask-security: ignored (end of life)
72+impish_flask-security: ignored (end of life)
73+jammy_flask-security: needed
74+esm-apps/jammy_flask-security: needed
75 kinetic_flask-security: ignored (end of life, was needs-triage)
76 lunar_flask-security: ignored (end of life, was needs-triage)
77-mantic_flask-security: needs-triage
78-noble_flask-security: needs-triage
79-esm-apps/noble_flask-security: needs-triage
80-devel_flask-security: needs-triage
81+mantic_flask-security: not-affected (4.0.0-1+deb11u1)
82+noble_flask-security: not-affected (4.0.0-1+deb11u1)
83+esm-apps/noble_flask-security: not-affected (4.0.0-1+deb11u1)
84+devel_flask-security: not-affected (4.0.0-1+deb11u1)
85+
86+
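Review bot: upstream_flask-security is set to "released (4.0.0-1+deb11u1)", which is a Debian stable-update package revision (the "+deb11u1" suffix) rather than an upstream release number, unlike "released (3.4.5)" in the CVE-2021-21241 file. Consider naming the upstream version that first contains the fix, and check the same string on the mantic, noble, esm-apps/noble and devel lines against what those releases actually ship. Patches_flask-security: is still empty while five release lines are now "needed", so a reference to the fixing commit would help whoever prepares the update, and the two blank lines added at the end of the file can be dropped.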
87diff --git a/active/CVE-2021-32618 b/active/CVE-2021-32618
88index 5e9d2f9..f17f620 100644
89--- a/active/CVE-2021-32618
90+++ b/active/CVE-2021-32618
91@@ -26,6 +26,12 @@ Description:
92 setting the 'autocorrect_location_header=False`.
93 Ubuntu-Description:
94 Notes:
95+ yomonokio> This CVE is a duplicate of CVE-2021-23385, but for
96+ yomonokio> flask-security-too (new upstream). In Ubuntu, the
97+ yomonokio> flask-security source package started to be based
98+ yomonokio> on flask-security-too starting from mantic, therefore
99+ yomonokio> we will track only CVE-2021-23385 and mark this one as
100+ yomonokio> ignored.
101 Mitigation:
102 Bugs:
103 Priority: low
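Review bot: The added note calls this CVE a duplicate of CVE-2021-23385, yet the context line here still reads "Priority: low" while CVE-2021-23385 carries "Priority: medium". Either align the priority or add a line to the note saying why the two differ, so that the ignored entry does not read as a separate, lower assessment of the same issue.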
104@@ -42,17 +48,17 @@ trusty_flask-security: ignored (end of standard support)
105 trusty/esm_flask-security: DNE
106 xenial_flask-security: ignored (end of standard support)
107 bionic_flask-security: ignored (end of standard support, was needs-triage)
108-esm-apps/bionic_flask-security: needs-triage
109-focal_flask-security: needs-triage
110-esm-apps/focal_flask-security: needs-triage
111+esm-apps/bionic_flask-security: ignored (see notes)
112+focal_flask-security: ignored (see notes)
113+esm-apps/focal_flask-security: ignored (see notes)
114 groovy_flask-security: ignored (end of life)
115 hirsute_flask-security: ignored (end of life)
116 impish_flask-security: ignored (end of life)
117-jammy_flask-security: needs-triage
118-esm-apps/jammy_flask-security: needs-triage
119+jammy_flask-security: ignored (see notes)
120+esm-apps/jammy_flask-security: ignored (see notes)
121 kinetic_flask-security: ignored (end of life, was needs-triage)
122 lunar_flask-security: ignored (end of life, was needs-triage)
123-mantic_flask-security: needs-triage
124-noble_flask-security: needs-triage
125-esm-apps/noble_flask-security: needs-triage
126-devel_flask-security: needs-triage
127+mantic_flask-security: ignored (see notes)
128+noble_flask-security: ignored (see notes)
129+esm-apps/noble_flask-security: ignored (see notes)
130+devel_flask-security: ignored (see notes)
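Review bot: The mantic, noble, esm-apps/noble and devel lines are set to "ignored (see notes)", but the note says those are the releases whose source package is based on flask-security-too, the project this CVE id was issued for. CVE-2021-23385 records the same releases as not-affected with a version, so consider using that status here as well, or extend the note to say explicitly that the ignore applies to every release, including the ones from mantic onward.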
