ping?
2012/4/8 Funda Wang <[email protected]>: > Hello, > > Could somebody pushing redmine 1.3.2 into cauldron? > > Redmine before 1.3.2 does not properly restrict the use of a hash to > provide values for a model's attributes, which allows remote attackers > to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, > (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) > Version, (9) Wiki, (10) UserPreference, or (11) Board model via a > modified URL, related to a "mass assignment" vulnerability, a > different vulnerability than CVE-2012-0327. > > Thanks.
