Date: Fri, 06 Jan 2012 10:45:08 -0700
From: Kurt Seifried <kseifrie@...hat.com>
To: oss-security@...ts.openwall.com
CC: Moritz Muehlenhoff <jmm@...ian.org>
Subject: Re: CVE request: redmine issues

On 01/06/2012 10:02 AM, Moritz Muehlenhoff wrote:
> Hi,
> please assign three CVE IDs for the following issues in Redmine:
>
> These need to be CVE-2011-* IDs:
>
> The announcement can be found here: http://www.redmine.org/news/49
>
> --------
> This release also fixes 3 security issues reported by joernchen of
> Phenoelit:
>
> * logged in users may be able to access private data (affected
> versions: 1.0.x)

Please use CVE-2011-4927 for this issue.

>
> * persistent XSS vulnerability in textile formatter (affected
> versions: all previous releases)

Please use CVE-2011-4928 for this issue.

>
> * remote command execution in bazaar repository adapter (affected
> versions: 0.9.x, 1.0.x)

Please use CVE-2011-4929 for this issue.

> --------
>
> This was already fixed in a Debian security update some time ago,
> but never received a CVE ID:
> http://lists.debian.org/debian-security-announce/2011/msg00131.html
>
> Patches can be found in the Debian patch tracker:
> http://patch-tracker.debian.org/package/redmine/1.0.1-2
>
> Cheers,
> Moritz

--

-- Kurt Seifried / Red Hat Security Response Team