From: Aditya Toshniwal
Date: Thu, 21 Oct 2021 10:47:34 +0530
Subject: [pgAdmin][patch] Ignore flask-security-too irrelevant vulnerability
To: pgadmin-hackers

Hi Hackers,

As per safety audit vulnerability report id #40493 for flask-security-too:

*This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute.*

Attached patch will ignore this ID for the audit.
--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | *edbpostgres.com*
"Don't Complain about Heat, Plant a TREE"
Attachment: safety-40493.patch

diff --git a/web/package.json b/web/package.json
index 2d80c2e91..07af7ae5c 100644
--- a/web/package.json
+++ b/web/package.json
@@ -182,7 +182,7 @@
     "pep8": "pycodestyle --config=../.pycodestyle ../docs && pycodestyle --config=../.pycodestyle ../pkg && pycodestyle --config=../.pycodestyle ../tools && pycodestyle --config=../.pycodestyle ../web",
     "auditjs-html": "yarn audit --json | yarn run yarn-audit-html --output ../auditjs.html",
     "auditjs": "yarn audit",
-    "auditpy": "safety check --full-report",
+    "auditpy": "safety check --full-report -i 40493",
     "audit": "yarn run auditjs && yarn run auditpy"
   }
 }
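Review bot: the `-i 40493` added to the `auditpy` script suppresses advisory 40493 permanently, with nothing in the hunk recording why; the justification given in the mail (Werkzeug by default rewrites the Location header to an absolute URL) depends on a default of a dependency that is not pinned by this change. Suggest recording the rationale next to the ignore, for example a short note in the commit message or in the audit script itself, and adding a reminder to re-evaluate the exclusion whenever Werkzeug or flask-security-too is upgraded, so the suppressed finding does not silently outlive the condition that made it irrelevant.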