[Git][security-tracker-team/security-tracker][master] redmine commit refs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 22 18:55:36 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b9feb2a by Moritz Muehlenhoff at 2024-05-22T19:54:58+02:00
redmine commit refs

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -52110,12 +52110,15 @@ CVE-2017-20187 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Mag
 CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails ...)
 	- redmine <unfixed> (bug #1055474)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://github.com/redmine/redmine/commit/15d0ea8c596f306131de2bd7edd1ae28ff122103 (5.0-stable)
 CVE-2023-47259 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile ...)
 	- redmine <unfixed> (bug #1055474)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://github.com/redmine/redmine/commit/ea4bf1eba4b680159a873aa468364826f4d13385 (5.0-stable)
 CVE-2023-47258 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown  ...)
 	- redmine <unfixed> (bug #1055474)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+	NOTE: https://github.com/redmine/redmine/commit/03bcf782463c9b84c6fe53b17cb1b781df6d8771 (5.0-stable)
 CVE-2023-47249 (In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayTy ...)
 	NOT-FOR-US: International Color Consortium DemoIccMAX
 CVE-2023-46981 (SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote atta ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -57,7 +57,7 @@ python-asyncssh
 --
 python-pymysql
 --
-redmine/stable
+redmine/stable (jmm)
 --
 ring/oldstable
   might make sense to rebase to current version



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9feb2adf04ec53a14af19e652124be8e6045b5

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9feb2adf04ec53a14af19e652124be8e6045b5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240522/924e8701/attachment.htm>

More information about the debian-security-tracker-commits mailing list