CVE-2020-11728

Priority
Description
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through
0.60. Session management does not use a sufficiently hard-to-guess session
key. Anyone who can guess the microsecond time (and the incrementing
session_id) can impersonate a session.
Notes
Package
Source: awl (LP Ubuntu Debian)
Upstream:released (0.61-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):released (0.60-1+deb10u1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (0.61-1)
More Information

Updated: 2020-09-25 00:29:45 UTC (commit 3c0ef214749d368dfef2a59d15a1acf57498fd3a)