Date: Thu, 10 Dec 2015 01:13:24 -0500 (EST)
From: cve-assign@...re.org
To: matthias@...lons.info
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Redmine - Data disclosure in atom feed

> http://www.redmine.org/projects/redmine/wiki/Changelog_3_1
> http://www.redmine.org/projects/redmine/wiki/Changelog_3_0
> http://www.redmine.org/projects/redmine/wiki/Changelog_2_6
> http://www.redmine.org/news/103
> http://www.redmine.org/issues/21419 "Information leak in Atom feed"
> https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
> http://www.redmine.org/projects/redmine/wiki/Security_Advisories

> app/views/journals/index.builder
> 
> - details_to_strings(change.details, false).each do |string|
> + details_to_strings(change.visible_details, false).each do |string|
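
Review bot: the switch from `change.details` to `change.visible_details` on the `+` line is made only at this call site in app/views/journals/index.builder, so any other view or mailer that still passes `change.details` to `details_to_strings` would keep emitting unfiltered details. It is worth checking the remaining `details_to_strings` callers for the same pattern, and adding a feed test that asserts a detail hidden from the requesting user is absent from the Atom output. `visible_details` is also called here with no explicit user argument, so a short comment stating which user the filter is evaluated against for feed requests would help future readers.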

Use CVE-2015-8537.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]