Public bug reported:

Two important CVEs were released and addressed by upstream:

* Redmine Defect #31520: Persistent XSS in textile formatting (CVE-2019-17427)
* Redmine Defect #32374: SQL injection vulnerability in Redmine < 3.4.0 (CVE-2019-18890)

Those vulnerabilities were fixed in version 3.3.10.

Here is the upstream changelog:
https://www.redmine.org/projects/redmine/wiki/Changelog_3_3

Here is the diff of my Debian Stretch security update:
https://salsa.debian.org/ruby-team/redmine/compare/debian%2F3.3.1-4+deb9u2...debian%2F3.3.1-4+deb9u3

** Affects: redmine (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: redmine (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: redmine (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: redmine (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17427

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-18890

** Also affects: redmine (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Also affects: redmine (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Also affects: redmine (Ubuntu Trusty)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1853063

Title:
  SQL injection and Persistent XSS in textile formatting

Status in redmine package in Ubuntu:
  New
Status in redmine source package in Precise:
  New
Status in redmine source package in Trusty:
  New
Status in redmine source package in Xenial:
  New