Information on source package redmine

Available versions

ReleaseVersion
wheezy1.4.4+dfsg1-2+deb7u1
jessie3.0~20140825-8~deb8u4
jessie (security)3.0~20140825-8~deb8u2
stretch3.3.1-4
sid3.4.5-1

Open issues

BugwheezyjessiestretchsidDescription
CVE-2017-18026vulnerablevulnerablevulnerablefixedRedmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does ...
CVE-2017-16804vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...
CVE-2017-15577vulnerablevulnerablevulnerablefixedRedmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of ...
CVE-2017-15576vulnerablevulnerablevulnerablefixedRedmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry ...
CVE-2017-15575vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a ...
CVE-2017-15574vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...
CVE-2017-15573vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...
CVE-2017-15572vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...
CVE-2017-15571vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2017-15570vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2017-15569vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2017-15568vulnerablevulnerablevulnerablefixedIn Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2016-10515vulnerablevulnerablefixedfixedIn Redmine before 3.2.3, there are stored XSS vulnerabilities affecting ...
CVE-2015-8537vulnerablefixedfixedfixedapp/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before ...
CVE-2015-8477vulnerablefixedfixedfixedCross-site scripting (XSS) vulnerability in Redmine before 2.6.2 ...
CVE-2015-8474vulnerablefixedfixedfixedOpen redirect vulnerability in the valid_back_url function in ...
CVE-2015-8473vulnerablefixedfixedfixedThe Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x ...
CVE-2015-8346vulnerablefixedfixedfixedapp/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...
CVE-2014-1985vulnerablefixedfixedfixedOpen redirect vulnerability in the redirect_back_or_default function ...

Resolved issues

BugDescription
TEMP-0000000-838979Escape href attribute in auto links
TEMP-0000000-56C871Fixes permission check in QueriesController
CVE-2012-2054Redmine before 1.3.2 does not properly restrict the use of a hash to ...
CVE-2012-0327Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 ...
CVE-2011-4929Unspecified vulnerability in the bazaar repository adapter in Redmine ...
CVE-2011-4928Cross-site scripting (XSS) vulnerability in the textile formatter in ...
CVE-2011-4927Unspecified vulnerability in the bazaar repository adapter in Redmine ...
CVE-2009-4459Redmine 0.8.7 and earlier uses the title tag before defining the ...
CVE-2009-4079Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...
CVE-2009-4078Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...

Security announcements

DSA / DLADescription
DSA-3529-1redmine - security update
DLA-351-1redmine - security update
DSA-2261-1redmine - several

Search for package or bug name: Reporting problems