Date: Fri, 06 Jan 2012 10:45:08 -0700
From: Kurt Seifried <kseifrie@...hat.com>
To: oss-security@...ts.openwall.com
CC: Moritz Muehlenhoff <jmm@...ian.org>
Subject: Re: CVE request: redmine issues

On 01/06/2012 10:02 AM, Moritz Muehlenhoff wrote:
> Hi,
> please assign three CVE IDs for the following issues in Redmine:
>
> These need to be CVE-2011-* IDs:
>
> The announcement can be found here: http://www.redmine.org/news/49
>
> --------
> This release also fixes 3 security issues reported by joernchen of
> Phenoelit:
>
> * logged in users may be able to access private data (affected
> versions: 1.0.x)
Please use CVE-2011-4927 for this issue.
>
> * persistent XSS vulnerability in textile formatter (affected
> versions: all previous releases)
Please use CVE-2011-4928 for this issue.
>
> * remote command execution in bazaar repository adapter (affected
> versions: 0.9.x, 1.0.x)
Please use CVE-2011-4929 for this issue.
> --------
>
> This was already fixed in a Debian security update some time ago,
> but never received a CVE ID:
> http://lists.debian.org/debian-security-announce/2011/msg00131.html
>
> Patches can be found in the Debian patch tracker:
> http://patch-tracker.debian.org/package/redmine/1.0.1-2
>
> Cheers,
>         Moritz


-- 

-- Kurt Seifried / Red Hat Security Response Team
