Information on source package redmine

Available versions

Release             Version
stretch (security)  3.3.1-4+deb9u2
sid                 3.4.5-1

Resolved issues

Bug                  Description
TEMP-0000000-838979  Escape href attribute in auto links
TEMP-0000000-56C871  Fixes permission check in QueriesController
CVE-2017-18026       Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does ...
CVE-2017-16804       In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...
CVE-2017-15577       Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of ...
CVE-2017-15576       Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry ...
CVE-2017-15575       In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a ...
CVE-2017-15574       In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...
CVE-2017-15573       In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...
CVE-2017-15572       In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...
CVE-2017-15571       In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2017-15570       In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2017-15569       In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2017-15568       In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...
CVE-2016-10515       In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting ...
CVE-2015-8537        app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before ...
CVE-2015-8477        Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 ...
CVE-2015-8474        Open redirect vulnerability in the valid_back_url function in ...
CVE-2015-8473        The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x ...
CVE-2015-8346        app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...
CVE-2014-1985        Open redirect vulnerability in the redirect_back_or_default function ...
CVE-2012-2054        Redmine before 1.3.2 does not properly restrict the use of a hash to ...
CVE-2012-0327        Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 ...
CVE-2011-4929        Unspecified vulnerability in the bazaar repository adapter in Redmine ...
CVE-2011-4928        Cross-site scripting (XSS) vulnerability in the textile formatter in ...
CVE-2011-4927        Unspecified vulnerability in the bazaar repository adapter in Redmine ...
CVE-2009-4459        Redmine 0.8.7 and earlier uses the title tag before defining the ...
CVE-2009-4079        Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...
CVE-2009-4078        Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...

Security announcements

DSA / DLA   Description
DSA-4191-2  redmine - regression update
DSA-4191-1  redmine - security update
DSA-3529-1  redmine - security update
DLA-351-1   redmine - security update
DSA-2261-1  redmine - several
