Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4574-1] redmine security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4574-1] redmine security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4574-1] redmine security update
  • Date: Tue, 19 Nov 2019 19:03:56 +0000
  • List-archive: https://lists.debian.org/msgid-search/20191119190356.ui346mmyrffsrhoz AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 19 Nov 2019 19:04:15 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <KW0FgKQRpIO.A.RPF.vyD1dB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4574-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 19, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : redmine
CVE ID : CVE-2019-17427 CVE-2019-18890

Hoger Just discovered an SQL injection in Redmine, a project management
web application. In addition a cross-site scripting issue was found in
Textile formatting.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.3.1-4+deb9u3.

We recommend that you upgrade your redmine packages.

For the detailed security status of redmine please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redmine

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3UPCQACgkQEMKTtsN8
TjZ77w//e2PlXzfRWNeBvzsxuDQgxe5T/r2DPfWV0HL1Pns8+zq/PRfKIMILEUEx
Nru32E25B7ulc732WZn6/AzEwZ4TBzUZcVfbOBl9OAWZakH+8p9PDByVLKlyfxpY
FqxLbNBzIv1gHYIEBkoRtj1IF7xkiQKCuCqOkE5/Zt9q8b5bb4z+XoFLwIhpeFqi
rA7Ae6tUjs0YxcahL2IbcwvqRGmwesdecBDJ5TFL41+noTkTsr7KfRjTfw+lSHr+
0Zd3+EdxIF1/A2XalozQsp1Z6XIWo4p7BBv55tMQy0OENEZ2/DRrPykOY5hcqMLq
LKMksamYIYqDHhw9Zsedwq+ao0dV8yxYS8Pu+527qEs/Ie0A+zcLXgUCdy+i/SJ8
o3JaEtMyL9VlgT8wx7kq5A6ext91SLuBEJ9WcFOoJTi2AqLYqZm2n3pMb2YKFh1q
W2arhxuZwlu2ymbQDxy/RrFdVBLq7EyrKFf6nZqJAbRNBvq+kCeozbrYBcrTYl9B
IBTLGngcZj058JXbHFAoLc/vR1LquTNClousSqIeEpqcSBC6oENLwTus1b4OeDLJ
WJ64MCj9Bd/YEJTcJ8EDzWCvukn9UdSc7t2uYIW996uwe30nCp8Ewk9JdkUkCtUD
gb2TG6/IxfVLaO3sptmbbkPE+NmlplNoySQHD2YYSH3EOOT9xUY=
=S7b3
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4574-1] redmine security update, Moritz Muehlenhoff, 19.11.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang