[Secure-testing-commits] r56781 - data/CVE
Paul Wise
pabs at moszumanska.debian.org
Tue Oct 17 10:30:29 UTC 2017
Author: pabs
Date: 2017-10-17 10:30:29 +0000 (Tue, 17 Oct 2017)
New Revision: 56781
Modified:
data/CVE/list
Log:
redmine: multiple vulnerabilities
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-17 09:24:09 UTC (rev 56780)
+++ data/CVE/list 2017-10-17 10:30:29 UTC (rev 56781)
@@ -1,3 +1,46 @@
+CVE-2017-XXXX [Multiple XSS vulnerabilities]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/27186 (private)
+ NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
+ NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
+ NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
+ NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
+ NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
+CVE-2017-XXXX [Improper markup sanitization in wiki content]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/25503 (private)
+ NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Use redirect on /account/lost_password to prevent password reset tokens in referers]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/24416 (private)
+ NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Redmine.pm doesn't check that the repository module is enabled on project]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/24307 (private)
+ NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Stored XSS with SVG attachments]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/24199 (private)
+ NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Information leak when rendering Time Entry on activity view]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/23803 (private)
+ NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Information leak when rendering Wiki links]
+ - redmine <unfixed>
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://www.redmine.org/issues/23793 (private)
+ NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage]
+ - redmine 3.2.3-1
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: upstream fixed in 3.2.3
CVE-2017-15513
RESERVED
CVE-2017-15512
More information about the Secure-testing-commits
mailing list