Source: redmine
Version: 5.0.4-7
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for redmine.

CVE-2023-47258[0]:
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a
| Markdown formatter.

CVE-2023-47259[1]:
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the
| Textile formatter.

CVE-2023-47260[2]:
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via
| thumbnails.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47258
    https://www.cve.org/CVERecord?id=CVE-2023-47258
[1] https://security-tracker.debian.org/tracker/CVE-2023-47259
    https://www.cve.org/CVERecord?id=CVE-2023-47259
[2] https://security-tracker.debian.org/tracker/CVE-2023-47260
    https://www.cve.org/CVERecord?id=CVE-2023-47260

Regards,
Salvatore