oss-sec mailing list archives
CVE request: redmine issues
From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 6 Jan 2012 18:02:20 +0100
Hi,
please assign three CVE IDs for the following issues in Redmine:
These need to be CVE-2011-* IDs:

The announcement can be found here:
http://www.redmine.org/news/49

--------
This release also fixes 3 security issues reported by joernchen of Phenoelit:

* logged in users may be able to access private data (affected versions: 1.0.x)
* persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
* remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)
--------

This was already fixed in a Debian security update some time ago, but never received a CVE ID:
http://lists.debian.org/debian-security-announce/2011/msg00131.html

Patches can be found in the Debian patch tracker:
http://patch-tracker.debian.org/package/redmine/1.0.1-2

Cheers,
Moritz