oss-sec mailing list archives
CVE request - redmine: Issues API may disclose changeset messages that are not visible
From: Matthias Geerdsen <matthias () vorlons info>
Date: Thu, 03 Dec 2015 22:56:32 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, please assign a CVE ID for another information disclosure issue fixed in the latest Redmine releases (2.6.8, 3.0.6 and 3.1.2) [1]. The bug report [2] links to the relevant diff [3]. Cheers Matthias [1] <http://www.redmine.org/projects/redmine/wiki/Changelog> [2] <https://www.redmine.org/issues/21136> [3] <http://www.redmine.org/projects/redmine/repository/revisions/14794/diff/trunk/app/views/issues/show.api.rsb?utf8=%E2%9C%93&type=sbs> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWYLqLAAoJEDVYuxv9Aw7qFH8IAKjfJv7Q8rBpNw7T8WagFXOT 412u2iUYtc3mJ3t87C2FI+mxmtRfyxSIWgum+SSPMHdHIqxkpVa2BGmHfA3NWbLm Wv9zGehWl9Z9wUvfK/5/Cw1scUabQvrXJZgK3YfEKfrk3XC2DCo3SiEXECzbtoiD Eq6OTD+jCcB7XiHQL9IMFrOxzHp8tzQ/H6rZwYIhqNVXtsAlehribQliTJCxH6D6 h7kyeFktfxL9gu6/ye0KRGF+gfdeTv9ANXeJ41xPZDSZwu41dwGSd1eOO5jOEWlU Nfu9NJdlb76yPTVi+KJAH5vAo+Yzj5yCw/fWEyzYLPg+xSIAg+Nwb8fhaze/SXg= =1Xvp -----END PGP SIGNATURE-----
Current thread:
- CVE request - redmine: Issues API may disclose changeset messages that are not visible Matthias Geerdsen (Dec 03)