oss-sec mailing list archives

CVE request: Redmine - information disclosure on the time logging form

From: Matthias Geerdsen <matthias () vorlons info>
Date: Tue, 24 Nov 2015 23:09:19 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

please assign a CVE ID for an information disclosure issue in the
latest Redmine releases (2.6.8, 3.0.6 and 3.1.2) [1]. The issue is
listed at [2] and a commit can be found at [3]. A private bug report
appears to exist at [4]

Cheers
Matthias

[1] <http://www.redmine.org/news/102>
[2] <http://www.redmine.org/projects/redmine/wiki/Security_Advisories>
[3]
<https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c>
[4] <https://www.redmine.org/issues/21150>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWVOAJAAoJEDVYuxv9Aw7qGhQH/3xLVit66gjxG5pbJee6kykm
Ifzc9U7CKSmdMPT6Mv6DOYBLB0FnEHQS7Zybp0qU06b202Et9cnLm4tsibUBCZ3t
aCnoIMamd9O2ED3pHdVp8KbVgRftHzZeeKWsofE5dfQrKFyLSYmUOjEjySxmjwpH
OokliyvVl1xOqw9CF/mYv0gxROvJBG+/3jEeI6ACANRiVfAlV0lEBak1nBk3Ri+w
ihlfAbCMKVzOTL5OYgT4GYLMT8Lp2vXdp/S3WoeUMHhUd5yKQ0J4/Z+IevhW+I25
Mo1NcRmYCzBkWLzWFEZUtfUlmyt+mIqnfOts2Qx09OfCzVYO0xae4CFX+C/QgxQ=
=MSUo
-----END PGP SIGNATURE-----

Current thread:

CVE request: Redmine - information disclosure on the time logging form Matthias Geerdsen (Nov 24)
- Re: CVE request: Redmine - information disclosure on the time logging form cve-assign (Nov 25)