[Secure-testing-commits] r38124 - data/CVE
Paul Wise
pabs at moszumanska.debian.org
Sun Dec 6 09:01:51 UTC 2015
Author: pabs
Date: 2015-12-06 09:01:50 +0000 (Sun, 06 Dec 2015)
New Revision: 38124
Modified:
data/CVE/list
Log:
A couple more redmine issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-05 13:34:31 UTC (rev 38123)
+++ data/CVE/list 2015-12-06 09:01:50 UTC (rev 38124)
@@ -1,3 +1,16 @@
+CVE-2015-XXXX [Data disclosure in atom feed]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/21419 (private)
+ NOTE: https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
+ NOTE: upstream fixed in 2.6.9, 3.0.6 and 3.1.3
+CVE-2015-XXXX [Data disclosure on the time logging form]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/21150 (private)
+ NOTE: https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
+ NOTE: https://github.com/redmine/redmine/commit/945a091c94a9ed651f61e225fa8646479478e9d4
+ NOTE: upstream fixed in 2.6.8, 3.0.6 and 3.1.2
CVE-2015-XXXX [Shotwell does not verify TLS certificates]
- shotwell <unfixed> (bug #807110)
[jessie] - shotwell <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list