Package "redmine"

Name: redmine


flexible project management web application

Latest version: 3.2.1-2ubuntu0.2
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://www.redmine.org


Download "redmine"

Other versions of "redmine" in Xenial

Repository Area Version
base universe 3.2.1-2
security universe 3.2.1-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Version: 3.2.1-2ubuntu0.2 2019-11-25 16:07:04 UTC

  redmine (3.2.1-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: persistent XSS exists due to textile formatting
    - debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
      that html tags are identified to be escaped. (LP: #1853063)
    - CVE-2019-17427
    - https://www.cvedetails.com/cve/CVE-2019-17427/
    - Redmine Defect #31520
  * SECURITY UPDATE: SQL injection vulnerability
    - debian/patches/0021-Fix-CVE-2019-18890.patch: use map instead of each
      because it casts the values to integer and return a new array.
      (LP: #1853063)
    - CVE-2019-18890
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
    - Redmine Defect #32374

 -- Lucas Kanashiro <email address hidden> Mon, 18 Nov 2019 18:15:09 -0300

1853063 SQL injection and Persistent XSS in textile formatting
CVE-2019-17427 In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
CVE-2019-18890 A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted obj

About   -   Send Feedback to @ubuntu_updates