oss-sec mailing list archives

CVE request - redmine: Issues API may disclose changeset messages that are not visible


From: Matthias Geerdsen <matthias () vorlons info>
Date: Thu, 03 Dec 2015 22:56:32 +0100

Hi,

please assign a CVE ID for another information disclosure issue fixed
in the latest Redmine releases (2.6.8, 3.0.6 and 3.1.2) [1]. The bug
report [2] links to the relevant diff [3].

Cheers
Matthias

[1] <http://www.redmine.org/projects/redmine/wiki/Changelog>
[2] <https://www.redmine.org/issues/21136>
[3] <http://www.redmine.org/projects/redmine/repository/revisions/14794/diff/trunk/app/views/issues/show.api.rsb?utf8=%E2%9C%93&type=sbs>