[Secure-testing-commits] r38124 - data/CVE

Paul Wise pabs at moszumanska.debian.org
Sun Dec 6 09:01:51 UTC 2015


Author: pabs
Date: 2015-12-06 09:01:50 +0000 (Sun, 06 Dec 2015)
New Revision: 38124

Modified:
   data/CVE/list
Log:
A couple more redmine issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-05 13:34:31 UTC (rev 38123)
+++ data/CVE/list	2015-12-06 09:01:50 UTC (rev 38124)
@@ -1,3 +1,16 @@
+CVE-2015-XXXX [Data disclosure in atom feed]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/21419 (private)
+	NOTE: https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
+	NOTE: upstream fixed in 2.6.9, 3.0.6 and 3.1.3
+CVE-2015-XXXX [Data disclosure on the time logging form]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/21150 (private)
+	NOTE: https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
+	NOTE: https://github.com/redmine/redmine/commit/945a091c94a9ed651f61e225fa8646479478e9d4
+	NOTE: upstream fixed in 2.6.8, 3.0.6 and 3.1.2
 CVE-2015-XXXX [Shotwell does not verify TLS certificates]
 	- shotwell <unfixed> (bug #807110)
 	[jessie] - shotwell <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list