oss-sec mailing list archives

Re: CVE request: redmine issues
From: Kurt Seifried <kseifrie () redhat com>
Date: Fri, 06 Jan 2012 10:45:08 -0700

On 01/06/2012 10:02 AM, Moritz Muehlenhoff wrote:
please assign three CVE IDs for the following issues in Redmine:

These need to be CVE-2011-* IDs:

The announcement can be found here: http://www.redmine.org/news/49

This release also fixes 3 security issues reported by joernchen of

* logged in users may be able to access private data (affected
versions: 1.0.x)
Please use CVE-2011-4927 for this issue.

* persistent XSS vulnerability in textile formatter (affected
versions: all previous releases)
Please use CVE-2011-4928 for this issue.

* remote command execution in bazaar repository adapter (affected
versions: 0.9.x, 1.0.x)
Please use CVE-2011-4929 for this issue.

This was already fixed in a Debian security update some time ago,
but never received a CVE ID:

Patches can be found in the Debian patch tracker:



-- Kurt Seifried / Red Hat Security Response Team
