[ubuntu/xenial-updates] redmine 3.2.1-2ubuntu0.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Nov 25 14:58:09 UTC 2019
redmine (3.2.1-2ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: persistent XSS exists due to textile formatting
- debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
that html tags are identified to be escaped. (LP: #1853063)
- CVE-2019-17427
- https://www.cvedetails.com/cve/CVE-2019-17427/
- Redmine Defect #31520
* SECURITY UPDATE: SQL injection vulnerability
- debian/patches/0021-Fix-CVE-2019-18890.patch: use map instead of each
because it casts the values to integer and return a new array.
(LP: #1853063)
- CVE-2019-18890
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
- Redmine Defect #32374
Date: 2019-11-21 23:03:13.975465+00:00
Changed-By: Lucas Kanashiro <kanashiro at riseup.net>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/redmine/3.2.1-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list