Your message dated Sun, 03 Jun 2018 11:02:59 +0000
with message-id <e1fpqmp-0007td...@fasolo.debian.org>
and subject line Bug#900283: fixed in redmine 3.3.1-4+deb9u2
has caused the Debian Bug report #900283,
regarding Bug in redmine 3.3.1-4+deb9u1 CVE-2017-15569.patch
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
900283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900283
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redmine
Version: 3.3.1-4+deb9u1


Dear Maintainers,

On Thu, 12 Apr 2018 11:33:06 -0300 Debian published a security update for 
Redmine in version 3.3.1.
This security update includes patch CVE-2017-15569.

https://sources.debian.org/patches/redmine/3.3.1-4+deb9u1/CVE-2017-15569.patch/

I write to report a bug with this patch. Custom fields with multiple values 
will not be put to a table correctly.
The way I found out was:
Create a tracker that utilizes a custom field of type list or user and has 
multiple values allowed.
Create an issue that has more than one value in that custom field. E.g. two 
users.
If I then do a query on my project, I get an HTTP-error 500 response and see the 
following in my logs:

------------------------------------------>8----------------------------------------------------------------------
Completed 500 Internal Server Error in 442ms (ActiveRecord: 84.3ms)

ActionView::Template::Error (undefined local variable or method `item' for #<#<Class:0x00563c5e6eae88>:0x007f128233ed70>):
    28:   <% end %>
    29:   <tr id="issue-<%= issue.id %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %> <%= level > 0 ? "idnt idnt-#{level}" : nil %>">
    30:     <td class="checkbox hide-when-print"><%= check_box_tag("ids[]", issue.id, false, :id => nil) %></td>
    31:     <% query.inline_columns.each do |column| %>
    32:     <%= content_tag('td', column_content(column, issue), :class => column.css_classes) %>
    33:     <% end %>
    34:   </tr>
  app/helpers/queries_helper.rb:132:in `block in column_content'
  app/helpers/queries_helper.rb:132:in `collect'
------------------------------------------8<----------------------------------------------------------------------

Changing the word "item" to "issue" resolves this problem.

I'm using Debian 4.9.88-1 (2018-04-29) x86_64 GNU/Linux with kernel 
4.9.0-6-amd64 and libc6 2.24-11+deb9u3.

Please contact us if you have any further questions or would like to have more 
information.

Kind regards
Frank Hebold

--
Frank Hebold
Auszubildender zum Fachinformatiker (IHK)
HiperScan GmbH
Weißeritzstr. 3
01067 Dresden
Germany

phone +49 351 212 496 20
fax +49 351 212 496 99
mailto: frank.heb...@hiperscan.com
www.hiperscan.com
www.apo-ident.de

HiperScan GmbH, Dresden
commercial register number HRB 24683
local court Dresden
CEOs: Dr. Alexander Wolter, Michael Thoma

--- End Message ---
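
Why the failure reported above only appears with multi-valued custom fields, as an added Ruby example that is not Redmine's code and not part of the original report. The two helpers are constructed stand-ins for the `column_content` helper named in the trace; `column_value`, `outcome`, the `Issue` struct and the sample values are assumptions. Ruby resolves the stray `item` only when the array branch runs, so a check that uses single-valued fields passes on the broken backport.

```ruby
# Constructed, simplified stand-in for an issue record.
Issue = Struct.new(:id)
ISSUE = Issue.new(42)

# Hypothetical per-value formatter used by both helper variants.
def column_value(issue, value)
  "#{value} (##{issue.id})"
end

# Shape of the backport in 3.3.1-4+deb9u1: the method parameter is `issue`,
# but the block body refers to `item`, a name that does not exist here.
def column_content_deb9u1(value, issue)
  if value.is_a?(Array)
    value.collect { |v| column_value(item, v) }.join(', ')
  else
    column_value(issue, value)
  end
end

# Shape of the fix in 3.3.1-4+deb9u2: `item` renamed back to `issue`.
def column_content_deb9u2(value, issue)
  if value.is_a?(Array)
    value.collect { |v| column_value(issue, v) }.join(', ')
  else
    column_value(issue, value)
  end
end

# Run one helper and report either its output or the unresolved name.
def outcome(helper, value, issue)
  send(helper, value, issue)
rescue NameError => e
  "#{e.class}: #{e.name}"
end

# Regression matrix: every helper against single- and multi-valued input.
def regression_matrix
  helpers = %i[column_content_deb9u1 column_content_deb9u2]
  inputs  = { single: 'alice', multi: %w[alice bob] }
  helpers.product(inputs.keys).map do |h, kind|
    [h, kind, outcome(h, inputs[kind], ISSUE)]
  end
end

regression_matrix.each { |row| puts row.join(' | ') }
```
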
--- Begin Message ---
Source: redmine
Source-Version: 3.3.1-4+deb9u2

We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated redmine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Jun 2018 08:07:59 +0200
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source
Version: 3.3.1-4+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Antonio Terceiro <terce...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 900283
Description: 
 redmine    - flexible project management web application
 redmine-mysql - metapackage providing MySQL dependencies for Redmine
 redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
 redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Changes:
 redmine (3.3.1-4+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix backport of CVE-2017-15569 patch.
     Rename one occurrence of 'item' back to 'issue' as the renaming change
     was introduced upstream in 3.4.0.
     Thanks to Frank Hebold <frank.heb...@hiperscan.com> (Closes: #900283)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers