redmine (3.2.1-2ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: persistent XSS exists due to textile formatting
- debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
that html tags are identified to be escaped. (LP: #1853063)
- CVE-2019-17427
- https://www.cvedetails.com/cve/CVE-2019-17427/
- Redmine Defect #31520
* SECURITY UPDATE: SQL injection vulnerability
- debian/patches/0021-Fix-CVE-2019-18890.patch: use map instead of each
because it casts the values to integer and return a new array.
(LP: #1853063)
- CVE-2019-18890
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890
- Redmine Defect #32374
Date: 2019-11-21 23:03:13.975465+00:00
Changed-By: Lucas Kanashiro <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/redmine/3.2.1-2ubuntu0.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
