Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 03 Dec 2015 22:56:32 +0100
From: Matthias Geerdsen <matthias@...lons.info>
To: oss-security@...ts.openwall.com
Subject: CVE request - redmine: Issues API may disclose changeset messages
 that are not visible

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

please assign a CVE ID for another information disclosure issue fixed
in the latest Redmine releases (2.6.8, 3.0.6 and 3.1.2) [1]. The bug
report [2] links to the relevant diff [3].

Cheers
Matthias

[1] <http://www.redmine.org/projects/redmine/wiki/Changelog>
[2] <https://www.redmine.org/issues/21136>
[3]
<http://www.redmine.org/projects/redmine/repository/revisions/14794/diff/trunk/app/views/issues/show.api.rsb?utf8=%E2%9C%93&type=sbs>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWYLqLAAoJEDVYuxv9Aw7qFH8IAKjfJv7Q8rBpNw7T8WagFXOT
412u2iUYtc3mJ3t87C2FI+mxmtRfyxSIWgum+SSPMHdHIqxkpVa2BGmHfA3NWbLm
Wv9zGehWl9Z9wUvfK/5/Cw1scUabQvrXJZgK3YfEKfrk3XC2DCo3SiEXECzbtoiD
Eq6OTD+jCcB7XiHQL9IMFrOxzHp8tzQ/H6rZwYIhqNVXtsAlehribQliTJCxH6D6
h7kyeFktfxL9gu6/ye0KRGF+gfdeTv9ANXeJ41xPZDSZwu41dwGSd1eOO5jOEWlU
Nfu9NJdlb76yPTVi+KJAH5vAo+Yzj5yCw/fWEyzYLPg+xSIAg+Nwb8fhaze/SXg=
=1Xvp
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ