** Changed in: redmine (Ubuntu Precise)
Status: New => Invalid
** Changed in: redmine (Ubuntu Trusty)
Status: New => Invalid
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1853063
Title:
SQL injection and Persistent XSS in textile formatting
Status in redmine package in Ubuntu:
New
Status in redmine source package in Precise:
Invalid
Status in redmine source package in Trusty:
Invalid
Status in redmine source package in Xenial:
New
Bug description:
Two important CVEs were released and addressed by upstream:
* Redmine Defect #31520: Persistent XSS in textile formatting (CVE-2019-17427)
* Redmine Defect #32374: SQL injection vulnerability in Redmine < 3.4.0
(CVE-2019-18890)
Those vulnerabilities were fixed in version 3.3.10. Here is the
upstream changelog:
https://www.redmine.org/projects/redmine/wiki/Changelog_3_3
Here is the diff of my Debian Stretch security update:
https://salsa.debian.org/ruby-
team/redmine/compare/debian%2F3.3.1-4+deb9u2...debian%2F3.3.1-4+deb9u3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redmine/+bug/1853063/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : [email protected]
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
