And of course I forgot the patch:
diff --git a/app/views/journals/index.builder b/app/views/journals/index.builder
index a81ff98..7d90346 100644
--- a/app/views/journals/index.builder
+++ b/app/views/journals/index.builder
@@ -19,7 +19,7 @@ xml.feed "xmlns" => "http://www.w3.org/2005/Atom; do
Control: notfound -1 1.0.1-2
Control: notfound -1 1.0.1-2+deb6u11
Control: found -1 1.1.2-2~bpo60+1
I have review the Redmine code for CVE-2015-8537 and it turns out the
vulnerable code is not present in 1.0.1, but is present in 1.1 and 1.4
which makes everything from squeeze-backports and up
Source: redmine
Version: 3.0~20140825-5
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for redmine.
CVE-2015-8537[0]:
Data disclosure in atom feed
If you fix the vulnerability please also make sure to include the
CVE (Common
3 matches
Mail list logo