-
redmine (3.2.1-2ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: persistent XSS exists due to textile formatting
- debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
that html tags are identified to be escaped. (LP: #1853063)
- CVE-2019-17427
- https://www.cvedetails.com/cve/CVE-2019-17427/
- Redmine Defect #31520
* SECURITY UPDATE: SQL injection vulnerability
- debian/patches/0021-Fix-CVE-2019-18890.patch: use map instead of each
because it casts the values to integer and return a new array.
(LP: #1853063)
- CVE-2019-18890
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
- Redmine Defect #32374
-- Lucas Kanashiro <email address hidden> Mon, 18 Nov 2019 18:15:09 -0300
-
redmine (3.2.1-2) unstable; urgency=medium
[ Jonatan Nyberg ]
* Swedish translation update (Closes: #819743)
[ Antonio Terceiro ]
* 0004-Add-multi-tenancy-support.patch: load dependencies for all database
drivers used by all Redmine instances (Closes: #819815)
* 0005-Assume-default-instance.patch: remove change to Gemfile, not needed
anymore.
-- Antonio Terceiro <email address hidden> Sun, 03 Apr 2016 20:24:31 -0300
-
redmine (3.2.1-1) unstable; urgency=medium
* New upstream release
* Refresh patches
-- Antonio Terceiro <email address hidden> Sat, 19 Mar 2016 19:09:39 -0300
-
redmine (3.2.0-3) unstable; urgency=medium
* 0001-Gemfile-relax-some-dependencies.patch: also relax dependency on
mysql2
* debian/control: bump Standards-Version to 3.9.7; no changes needed.
-- Antonio Terceiro <email address hidden> Thu, 25 Feb 2016 20:23:14 -0300
-
redmine (3.2.0-2) unstable; urgency=medium
* Enforce dependencies on the required versions of rails and jquery-rails
(Closes: #814833)
-- Antonio Terceiro <email address hidden> Tue, 16 Feb 2016 10:26:50 -0200
-
redmine (3.2.0-1) unstable; urgency=medium
* New upstream release
- new dependencies: ruby-rbpdf, ruby-roadie-rails
* debian/watch: point at github
* Bump debhelper compatibility level to 9
* Move from cdbs to dh
* Stop builing fonts, upstream redmine doesn't rely on them anymore
* Dropped all patches already applied upstream and reworked all others.
Remaining patches:
- 0001-Gemfile-relax-some-dependencies.patch: adapt Gemfile
- now working against dependencies in unstable
(Closes: #808466, #792870)
- 0002-Force-table-encoding-in-mysql.patch
- 0003-Use-production-environment-by-default.patch
- 0004-Add-multi-tenancy-support.patch
* debian/copyright: updated wrt recent changes in the upstream tree
* debian/control: remove Conflicts: against packages that don't exist in
jessie.
* dropped obsolete dependency on libjs-scriptaculous
* Recommends: change ruby-passenger to passenger, drop old libfcgi-ruby*
* Suggests: add ruby-fcgi
* debian/control: move myself to Maintainer:, and move Jérémy Lal
to Uploaders:
* List runtime dependencies as build dependencies as well, and check that
all dependencies are OK at build time.
* Switch Vcs-* to https URLs
-- Antonio Terceiro <email address hidden> Mon, 15 Feb 2016 09:20:02 -0200
-
redmine (3.0~20140825-8) unstable; urgency=medium
* Replace "interest" triggers with "interest-nowait" ones to avoid trigger
loops (Closes: #786763)
-- Antonio Terceiro <email address hidden> Fri, 10 Jul 2015 20:07:20 -0300
