oss-sec mailing list archives

CVE request: Redmine - Data disclosure in atom feed

From: Matthias Geerdsen <matthias () vorlons info>
Date: Tue, 8 Dec 2015 21:31:42 +0100

Hi,

please assign a CVE ID a data disclosure issue fixed in the latest
Redmine Releases (2.6.9, 3.0.7 and 3.1.3) [1,2,3,4]. Changelogs are
mentioning a private ticket [5]. The relevant commit should be this
one [6].

Cheers
Matthias

[1] http://www.redmine.org/projects/redmine/wiki/Changelog_3_1
[2] http://www.redmine.org/projects/redmine/wiki/Changelog_3_0
[3] http://www.redmine.org/projects/redmine/wiki/Changelog_2_6
[4] http://www.redmine.org/news/103
[5] http://www.redmine.org/issues/21419
[6]
<https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56>

http://www.redmine.org/projects/redmine/wiki/Security_Advisories

Current thread:

CVE request: Redmine - Data disclosure in atom feed Matthias Geerdsen (Dec 08)
- Re: CVE request: Redmine - Data disclosure in atom feed cve-assign (Dec 09)