This bug was fixed in the package redmine - 3.4.4-1ubuntu0.1
---------------
redmine (3.4.4-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: persistent XSS exists due to textile formatting
- debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
that html tags are identified to be escaped. (LP: #1853063)
- CVE-2019-17427
- https://www.cvedetails.com/cve/CVE-2019-17427/
- Redmine Defect #31520
-- Paulo Flabiano Smorigo <[email protected]> Mon, 25 Nov 2019
20:17:10 +0000
** Changed in: redmine (Ubuntu)
Status: New => Fix Released
** Changed in: redmine (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1853063
Title:
SQL injection and Persistent XSS in textile formatting
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redmine/+bug/1853063/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
