Date: Fri, 6 Jan 2012 18:02:20 +0100
From: Moritz Muehlenhoff <>
Subject: CVE request: redmine issues

please assign three CVE IDs for the following issues in Redmine:

These need to be CVE-2011-* IDs:

The announcement can be found here:

This release also fixes 3 security issues reported by joernchen of

* logged in users may be able to access private data (affected
versions: 1.0.x)

* persistent XSS vulnerability in textile formatter (affected
versions: all previous releases)

* remote command execution in bazaar repository adapter (affected
versions: 0.9.x, 1.0.x)

This was already fixed in a Debian security update some time ago,
but never received a CVE ID:

Patches can be found in the Debian patch tracker:

