[Bug 1853063] Re: SQL injection and Persistent XSS in textile formatting

Launchpad Bug Tracker Mon, 25 Nov 2019 15:26:30 -0800

This bug was fixed in the package redmine - 4.0.1-2ubuntu0.1

---------------
redmine (4.0.1-2ubuntu0.1) disco-security; urgency=medium


  * SECURITY UPDATE: persistent XSS exists due to textile formatting
    - debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
      that html tags are identified to be escaped. (LP: #1853063)
    - CVE-2019-17427
    - https://www.cvedetails.com/cve/CVE-2019-17427/
    - Redmine Defect #31520

 -- Paulo Flabiano Smorigo <[email protected]>  Mon, 25 Nov 2019
20:20:08 +0000

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1853063

Title:
  SQL injection and Persistent XSS in textile formatting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redmine/+bug/1853063/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1853063] Re: SQL injection and Persistent XSS in textile formatting

Reply via email to