[Secure-testing-commits] r56791 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Oct 18 04:30:11 UTC 2017


Author: carnil
Date: 2017-10-18 04:30:11 +0000 (Wed, 18 Oct 2017)
New Revision: 56791

Modified:
   data/CVE/list
Log:
Add CVEs for redmine

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-17 21:21:27 UTC (rev 56790)
+++ data/CVE/list	2017-10-18 04:30:11 UTC (rev 56791)
@@ -46,46 +46,58 @@
 	RESERVED
 CVE-2017-15514
 	RESERVED
-CVE-2017-XXXX [Multiple XSS vulnerabilities]
+CVE-2017-15568
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
 	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
+CVE-2017-15569
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
+CVE-2017-15570
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
+CVE-2017-15571
+	- redmine <unfixed>
+	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
-CVE-2017-XXXX [Improper markup sanitization in wiki content]
+CVE-2017-15573 [Improper markup sanitization in wiki content]
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/25503 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-XXXX [Use redirect on /account/lost_password to prevent password reset tokens in referers]
+CVE-2017-15572 [Use redirect on /account/lost_password to prevent password reset tokens in referers]
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24416 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-XXXX [Redmine.pm doesn't check that the repository module is enabled on project]
+CVE-2017-15575 [Redmine.pm doesn't check that the repository module is enabled on project]
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24307 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-XXXX [Stored XSS with SVG attachments]
+CVE-2017-15574 [Stored XSS with SVG attachments]
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24199 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-XXXX [Information leak when rendering Time Entry on activity view]
+CVE-2017-15576 [Information leak when rendering Time Entry on activity view]
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/23803 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-XXXX [Information leak when rendering Wiki links]
+CVE-2017-15577 [Information leak when rendering Wiki links]
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/23793 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-XXXX [Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage]
+CVE-2016-10515 [Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage]
 	- redmine 3.2.3-1
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: upstream fixed in 3.2.3
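
Review bot: The three entries split out of the old "Multiple XSS vulnerabilities" block (CVE-2017-15569, CVE-2017-15570, CVE-2017-15571) have no "NOTE: upstream fixed in ..." line, and all four new ids, including CVE-2017-15568, drop the bracketed description, so an entry no longer says what the issue is or which upstream release fixes it. All four point at the same upstream issue 27186, so if the fix versions apply to each of them, repeat "NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3" under every id and add a short bracketed description per id, as the other redmine entries in this hunk have. Separately, the ids are not in numeric order (15573 precedes 15572, 15575 precedes 15574) and CVE-2016-10515 sits among the 2017 entries; worth confirming that matches the ordering the list expects.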



