[DRE-maint] [Bug 959187]

Sun Mar 25 15:27:56 UTC 2012

Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: redmine (Ubuntu)
       Status: New => Confirmed

** Also affects: redmine (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: redmine (Ubuntu Precise)
   Importance: Undecided
       Status: Confirmed

** Changed in: redmine (Ubuntu Lucid)
       Status: New => Confirmed

** Changed in: redmine (Ubuntu Precise)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/959187

Title:
  Mass assignment security vulnerability in Redmine

Status in “redmine” package in Ubuntu:
  Fix Released
Status in “redmine” source package in Lucid:
  Confirmed
Status in “redmine” source package in Precise:
  Fix Released

Bug description:
  Redmine has many mass assignment security vulnerabilities. See
  http://www.redmine.org/issues/10390 for details.

  Version 0.9.3-1 (Lucid Lynx) seems to be affected. Upstream reported
  version 1.3.0 (Precise Pangolin) and 1.3.1 as vulnerable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redmine/+bug/959187/+subscriptions