awl (0.60-1+deb10u1ubuntu1) focal-security; urgency=medium
* Sync from Debian buster.
* Added changes:
- debian/patches/fix-ftbfs-phpunit8.patch: drop empty setUp function,
which causes make test to fail with PHPUnit 8.
awl (0.60-1+deb10u1) buster-security; urgency=high
* Fix two security vulnerablilites (closes: #956650)
+ CVE-2020-11728 "Session::__construct() allows use of the current time as
a session key"
+ CVE-2020-11729 "LSIDLogin() is insecure and can allow user
impersonation"
-- Eduardo Barretto <email address hidden> Mon, 14 Sep 2020 10:39:33 -0300