Publishing details

Published on 2019-11-25
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Paulo Flabiano Smorigo

Changelog

redmine (3.2.1-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: persistent XSS exists due to textile formatting
    - debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
      that html tags are identified to be escaped. (LP: #1853063)
    - CVE-2019-17427
    - https://www.cvedetails.com/cve/CVE-2019-17427/
    - Redmine Defect #31520
  * SECURITY UPDATE: SQL injection vulnerability
    - debian/patches/0021-Fix-CVE-2019-18890.patch: use map instead of each
      because it casts the values to integer and return a new array.
      (LP: #1853063)
    - CVE-2019-18890
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
    - Redmine Defect #32374

 -- Lucas Kanashiro <email address hidden>  Mon, 18 Nov 2019 18:15:09 -0300

Available diffs

diff from 3.2.1-2ubuntu0.1 to 3.2.1-2ubuntu0.2 (560 bytes)

Builds

amd64

Built packages

redmine flexible project management web application

redmine-mysql metapackage providing MySQL dependencies for Redmine

redmine-pgsql metapackage providing PostgreSQL dependencies for Redmine

redmine-sqlite metapackage providing sqlite dependencies for Redmine

Package files

redmine-mysql_3.2.1-2ubuntu0.2_all.deb (6.7 KiB)
redmine-pgsql_3.2.1-2ubuntu0.2_all.deb (6.7 KiB)
redmine-sqlite_3.2.1-2ubuntu0.2_all.deb (6.7 KiB)
redmine_3.2.1-2ubuntu0.2.debian.tar.xz (232.0 KiB)
redmine_3.2.1-2ubuntu0.2.dsc (2.7 KiB)
redmine_3.2.1-2ubuntu0.2_all.deb (1.1 MiB)
redmine_3.2.1.orig.tar.gz (2.2 MiB)