Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Nov 2015 23:09:19 +0100
From: Matthias Geerdsen <matthias@...lons.info>
To: oss-security@...ts.openwall.com
Subject: CVE request: Redmine - information disclosure on the time logging
 form

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

please assign a CVE ID for an information disclosure issue in the
latest Redmine releases (2.6.8, 3.0.6 and 3.1.2) [1]. The issue is
listed at [2] and a commit can be found at [3]. A private bug report
appears to exist at [4]

Cheers
Matthias

[1] <http://www.redmine.org/news/102>
[2] <http://www.redmine.org/projects/redmine/wiki/Security_Advisories>
[3]
<https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c>
[4] <https://www.redmine.org/issues/21150>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWVOAJAAoJEDVYuxv9Aw7qGhQH/3xLVit66gjxG5pbJee6kykm
Ifzc9U7CKSmdMPT6Mv6DOYBLB0FnEHQS7Zybp0qU06b202Et9cnLm4tsibUBCZ3t
aCnoIMamd9O2ED3pHdVp8KbVgRftHzZeeKWsofE5dfQrKFyLSYmUOjEjySxmjwpH
OokliyvVl1xOqw9CF/mYv0gxROvJBG+/3jEeI6ACANRiVfAlV0lEBak1nBk3Ri+w
ihlfAbCMKVzOTL5OYgT4GYLMT8Lp2vXdp/S3WoeUMHhUd5yKQ0J4/Z+IevhW+I25
Mo1NcRmYCzBkWLzWFEZUtfUlmyt+mIqnfOts2Qx09OfCzVYO0xae4CFX+C/QgxQ=
=MSUo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ