Your message dated Mon, 02 Apr 2018 09:20:10 +0000
with message-id <e1f2vdk-0005dq...@fasolo.debian.org>
and subject line Bug#882544: fixed in redmine 3.4.4-1
has caused the Debian Bug report #882544,
regarding redmine: CVE-2017-15568
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882544: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882544
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: redmine
Version: 3.3.1-4
Severity: important
Tags: patch security upstream
Forwarded: https://www.redmine.org/issues/27186

Hi,

the following vulnerability was published for redmine.

CVE-2017-15568[0]:
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3,
| XSS exists in app/helpers/application_helper.rb via a multi-value field
| with a crafted value that is mishandled during rendering of issue
| history.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15568
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568
[1] https://www.redmine.org/issues/27186
[2] https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: redmine
Source-Version: 3.4.4-1

We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <d...@duckcorp.org> (supplier of updated redmine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 02 Apr 2018 13:52:08 +0900
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source all
Version: 3.4.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Marc Dequènes (Duck) <d...@duckcorp.org>
Description:
 redmine    - flexible project management web application
 redmine-mysql - metapackage providing MySQL dependencies for Redmine
 redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
 redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Closes: 857952 882544 882545 882547 882548 883919 887307
Changes:
 redmine (3.4.4-1) unstable; urgency=medium
 .
   [ Marc Dequènes (Duck) ]
   * New upstream release:
     + refreshed patches.
     + fix CVE-2017-15568 (Closes: #882544)
     + fix CVE-2017-15569 (Closes: #882545)
     + fix CVE-2017-15570 (Closes: #882547)
     + fix CVE-2017-15571 (Closes: #882548)
     + fix CVE-2017-18026 (Closes: #887307)
   * Add missing dependency on 'libjs-raphael' (Closes: #857952).
   * Updated Russian translation of debconf template, thanks Lev Lamberov
     (Closes: #883919)
   * Updated VCS URLs (Alioth->Salsa).
 .
   [ Lucas Kanashiro ]
   * Bump debhelper compatibility level to 10
   * Declare compliance with Debian Policy 4.1.3

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---