[Secure-testing-commits] r56781 - data/CVE

Paul Wise pabs at moszumanska.debian.org
Tue Oct 17 10:30:29 UTC 2017


Author: pabs
Date: 2017-10-17 10:30:29 +0000 (Tue, 17 Oct 2017)
New Revision: 56781

Modified:
   data/CVE/list
Log:
redmine: multiple vulnerabilities

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-17 09:24:09 UTC (rev 56780)
+++ data/CVE/list	2017-10-17 10:30:29 UTC (rev 56781)
@@ -1,3 +1,46 @@
+CVE-2017-XXXX [Multiple XSS vulnerabilities]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/27186 (private)
+	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
+	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
+	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
+	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
+	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
+CVE-2017-XXXX [Improper markup sanitization in wiki content]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/25503 (private)
+	NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Use redirect on /account/lost_password to prevent password reset tokens in referers]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/24416 (private)
+	NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Redmine.pm doesn't check that the repository module is enabled on project]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/24307 (private)
+	NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Stored XSS with SVG attachments]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/24199 (private)
+	NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Information leak when rendering Time Entry on activity view]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/23803 (private)
+	NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Information leak when rendering Wiki links]
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/23793 (private)
+	NOTE: upstream fixed in 3.2.6 and 3.3.3
+CVE-2017-XXXX [Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage]
+	- redmine 3.2.3-1
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: upstream fixed in 3.2.3
 CVE-2017-15513
 	RESERVED
 CVE-2017-15512
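Review bot: The six entries from "Improper markup sanitization in wiki content" through "Information leak when rendering Wiki links" reference only a private upstream issue and the fixed release numbers, with no fix commit, whereas the first entry lists four commit URLs. Since the issues are marked (private), a commit NOTE on each of these entries is what would let someone verify the fix against the packaged version or backport it while the package is still <unfixed>; please add them where the commits can be identified. The last entry ("Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage") is recorded as fixed in 3.2.3-1 but carries neither an issue nor a commit reference, only the advisory page, so the basis for the fixed version cannot be checked from the entry itself. Also note that "Multiple XSS vulnerabilities" and the last entry each group several flaws under a single CVE-2017-XXXX placeholder, so they may need splitting once identifiers are assigned.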



