Debian Quality Assurance

kanboard (1.2.47+ds-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

• Git: https://salsa.debian.org/debian/kanboard.git
• JSON
  Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
  For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
  The next upload will reset the information from the source package headers.
• Branch: debian/latest
• Path: debian/changelog
• Repo size: 692224
• Browser: https://salsa.debian.org/debian/kanboard
• Last scan: 2025-09-07 23:16:07+00
• Next scan: 2025-09-13 19:35:00+00
• CI pipeline status: failed
• Debian changelog in Git:

  kanboard (1.2.47+ds-1) unstable; urgency=medium
  
    * New upstream version 1.2.47+ds
      + Password Reset Poisoning via Host Header Injection:
        GHSA-2ch5-gqjm-8p92 aka CVE-2025-52560. Closes: #1112361.
      + Authenticated Admin Remote Code Execution via Unsafe Deserialization
        of Events:  GHSA-359x-c69j-q64r aka CVE-2025-55010. Closes: #1112363.
      + Stored XSS in project name: GHSA-5wj3-c9v4-pj9v aka CVE-2025-46825.
        Closes: #1112360.
      + Username Enumeration via Login Behavior and Bruteforce Protection Bypass:
        GHSA-qw57-7cx6-wvp7 aka CVE-2025-52576. Closes: #1112362.
      + Path Traversal in File Write via Task File Upload Api:
        GHSA-26f4-rx96-xc55 aka CVE-2025-55011. Closes: #1112364.
    * drop/refresh patches, as needed
    * enable build profiles in salsa ci
    * build package twice in salsa ci
    * enable salsa ci stats reporting
    * run wrap-and-sort -asbkt; enable job in salsa ci
  
   -- Joseph Nahmias <jello@debian.org>  Sat, 30 Aug 2025 22:32:02 -0400

• This branch is even with tag debian/1.2.47+ds-1

Package: JSON [Main page]

---

Back to the Debian Project homepage.

---