[Secure-testing-commits] r38623 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Thu Dec 31 20:17:56 UTC 2015
Author: anarcat
Date: 2015-12-31 20:17:56 +0000 (Thu, 31 Dec 2015)
New Revision: 38623
Modified:
data/CVE/list
Log:
Summary: close all issues in redmine for LTS as it's unsupported
this should really be automated, as I spent hours working on those
patches only to discover it wasn't supported after a while.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-31 14:42:57 UTC (rev 38622)
+++ data/CVE/list 2015-12-31 20:17:56 UTC (rev 38623)
@@ -3345,6 +3345,7 @@
RESERVED
- redmine <unfixed> (bug #807826)
[squeeze] - redmine <not-affected> (Vulnerable code not present in 1.0.1)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
NOTE: https://www.redmine.org/issues/21419 (private)
NOTE: https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
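Review bot: the added [wheezy] line tags the release <end-of-life>, while the commit message scopes this change to LTS; please confirm that wheezy is covered by the same decision. The neighbouring [squeeze] line carries an actual assessment (<not-affected>, vulnerable code not present in 1.0.1), whereas wheezy is closed without one.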
@@ -3364,6 +3365,8 @@
CVE-2015-8474 [Open Redirect vulnerability]
RESERVED
- redmine <unfixed> (bug #807272)
+ [squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: http://www.redmine.org/projects/redmine/wiki/Security_Advisories
NOTE: https://www.redmine.org/issues/19577 (private)
NOTE: commit: https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472
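Review bot: the reason on both added lines, "Redmine not supported because of rails", does not say which rails problem is meant or where the decision was recorded. A pointer to the announcement or bug that declared redmine unsupported would let someone reading CVE-2015-8474 later verify the tag.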
@@ -3374,6 +3377,7 @@
RESERVED
- redmine <unfixed> (bug #807345)
[squeeze] - redmine <not-affected> (code dates from the API changes introduced in 735a83c, part of 1.1)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
NOTE: https://www.redmine.org/issues/21136
NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/7
@@ -3733,6 +3737,8 @@
RESERVED
{DLA-351-1}
- redmine <unfixed> (bug #806376)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
+ [squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
NOTE: https://www.redmine.org/issues/21150 (private)
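Review bot: this entry carries a {DLA-351-1} cross-reference, yet the added [squeeze] line marks the package <end-of-life>. If that advisory shipped a fix for this CVE in squeeze, the line should record the fixed version instead; if it did not, the cross-reference needs a second look. The two added lines are also in wheezy-then-squeeze order, the reverse of the other additions in this commit.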
@@ -21840,8 +21846,8 @@
CVE-2015-8477 [Potential XSS vulnerability when rendering some flash messages]
RESERVED
- redmine 3.0~20140825-5 (low)
- [wheezy] - redmine <no-dsa> (Minor issue)
- [squeeze] - redmine <no-dsa> (Minor issue)
+ [squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_2_6
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
NOTE: https://www.redmine.org/issues/19117
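Review bot: replacing the two <no-dsa> (Minor issue) lines under CVE-2015-8477 drops the severity triage that was already done, and the new reason says nothing about impact. Consider keeping it in the free-text part, for example "(Minor issue; redmine not supported because of rails)", so the assessment survives the retag.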
@@ -46154,8 +46160,8 @@
[squeeze] - horde3 <no-dsa> (Minor issue)
CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function ...)
- redmine 2.5.1-1 (bug #743828)
- [wheezy] - redmine <no-dsa> (Minor issue)
- [squeeze] - redmine <no-dsa> (Minor issue)
+ [squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
NOTE: https://jvn.jp/en/jp/JVN93004610/
CVE-2014-2726
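Review bot: the [wheezy] and [squeeze] lines under CVE-2014-1985 are swapped as well as retagged, so both show up as removed and re-added. Keeping the original wheezy-first order would limit the diff to the tag change and make the commit easier to check.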
@@ -85124,7 +85130,8 @@
NOT-FOR-US: GitHub Enterprise
CVE-2012-2054 (Redmine before 1.3.2 does not properly restrict the use of a hash to ...)
- redmine 1.3.2+dfsg1-1
- [squeeze] - redmine <no-dsa> (Minor issue)
+ [squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: http://www.redmine.org/issues/10390
NOTE: git mirror patch would be 5141f1e..177ff05
CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass ...)
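Review bot: the new [wheezy] line under CVE-2012-2054 overrides an entry that previously had no wheezy annotation and lists the fix in 1.3.2+dfsg1-1. If wheezy ships that version or later, the issue is already fixed there and <end-of-life> misstates its status; check the wheezy package version before adding the line.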
@@ -89442,7 +89449,8 @@
NOT-FOR-US: Janetter
CVE-2012-0327 (Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 ...)
- redmine 1.3.2+dfsg1-1
- [squeeze] - redmine <no-dsa> (Minor issue, patch impossible to find)
+ [squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
+ [wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: http://jvn.jp/en/jp/JVN93406632/
NOTE: patch unclear: difficult to find the patch in 1.3.2 release
CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not ...)
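Review bot: the removed squeeze reason included "patch impossible to find"; the NOTE line below still records that the patch is unclear, so that detail is kept. The added [wheezy] line under CVE-2012-0327, however, has no earlier annotation and the entry is fixed in 1.3.2+dfsg1-1, so confirm that wheezy actually ships an older version before tagging it <end-of-life>.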