oss-sec mailing list archives

Re: CVE request: Redmine - Data disclosure in atom feed


From: cve-assign () mitre org
Date: Thu, 10 Dec 2015 01:13:24 -0500 (EST)

http://www.redmine.org/projects/redmine/wiki/Changelog_3_1
http://www.redmine.org/projects/redmine/wiki/Changelog_3_0
http://www.redmine.org/projects/redmine/wiki/Changelog_2_6
http://www.redmine.org/news/103
http://www.redmine.org/issues/21419 "Information leak in Atom feed"
https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
http://www.redmine.org/projects/redmine/wiki/Security_Advisories

app/views/journals/index.builder

- details_to_strings(change.details, false).each do |string|
+ details_to_strings(change.visible_details, false).each do |string|
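
Review bot: the filter is applied only at this one call site in app/views/journals/index.builder, so any other view or export that still passes change.details to details_to_strings would keep rendering details the viewer is not allowed to see. It is worth searching for remaining callers that pass the unfiltered details and adding a feed test that asserts hidden details are absent for a restricted user. Also, visible_details is called with no argument here, so which user's permissions it evaluates is not visible in this hunk; confirm it resolves to the user the Atom feed request is authenticated as.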

Use CVE-2015-8537.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
