[ubuntu/xenial-updates] redmine 3.2.1-2ubuntu0.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Nov 25 14:58:09 UTC 2019

redmine (3.2.1-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: persistent XSS exists due to textile formatting
    - debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
      that html tags are identified to be escaped. (LP: #1853063)
    - CVE-2019-17427
    - https://www.cvedetails.com/cve/CVE-2019-17427/
    - Redmine Defect #31520
  * SECURITY UPDATE: SQL injection vulnerability
    - debian/patches/0021-Fix-CVE-2019-18890.patch: use map instead of each
      because it casts the values to integer and return a new array.
      (LP: #1853063)
    - CVE-2019-18890
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
    - Redmine Defect #32374

Date: 2019-11-21 23:03:13.975465+00:00
Changed-By: Lucas Kanashiro <kanashiro at riseup.net>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list