Information on source package redmine

Available versions

ReleaseVersion
bookworm5.0.4-5
sid5.0.4-7

Open issues

BugbookwormsidDescription
CVE-2023-47260vulnerablevulnerableRedmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails ...
CVE-2023-47259vulnerablevulnerableRedmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile ...
CVE-2023-47258vulnerablevulnerableRedmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown ...

Resolved issues

BugDescription
TEMP-0000000-838979Escape href attribute in auto links
TEMP-0000000-56C871Fixes permission check in QueriesController
CVE-2022-44637Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...
CVE-2022-44031Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...
CVE-2022-44030Redmine 5.x before 5.0.4 allows downloading of file attachments of any ...
CVE-2021-42326Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...
CVE-2021-37156Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...
CVE-2021-31866Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...
CVE-2021-31865Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...
CVE-2021-31864Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...
CVE-2021-31863Insufficient input validation in the Git repository integration of Red ...
CVE-2021-30164Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...
CVE-2021-30163Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...
CVE-2021-29274Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mi ...
CVE-2020-36308Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...
CVE-2020-36307Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...
CVE-2020-36306Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...
CVE-2019-25026Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...
CVE-2019-18890A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x befor ...
CVE-2019-17427In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists ...
CVE-2017-18026Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does ...
CVE-2017-16804In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...
CVE-2017-15577Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering o ...
CVE-2017-15576Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rend ...
CVE-2017-15575In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a che ...
CVE-2017-15574In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...
CVE-2017-15573In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because mar ...
CVE-2017-15572In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can o ...
CVE-2017-15571In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...
CVE-2017-15570In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...
CVE-2017-15569In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...
CVE-2017-15568In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...
CVE-2016-10515In Redmine before 3.2.3, there are stored XSS vulnerabilities affectin ...
CVE-2015-8537app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before ...
CVE-2015-8477Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allow ...
CVE-2015-8474Open redirect vulnerability in the valid_back_url function in app/cont ...
CVE-2015-8473The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x ...
CVE-2015-8346app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...
CVE-2014-1985Open redirect vulnerability in the redirect_back_or_default function i ...
CVE-2012-2054Redmine before 1.3.2 does not properly restrict the use of a hash to p ...
CVE-2012-0327Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allow ...
CVE-2011-4929Unspecified vulnerability in the bazaar repository adapter in Redmine ...
CVE-2011-4928Cross-site scripting (XSS) vulnerability in the textile formatter in R ...
CVE-2011-4927Unspecified vulnerability in the bazaar repository adapter in Redmine ...
CVE-2009-4459Redmine 0.8.7 and earlier uses the title tag before defining the chara ...
CVE-2009-4079Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and e ...
CVE-2009-4078Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 a ...

Security announcements

DSA / DLADescription
DLA-2787-1redmine - security update
DLA-2658-1redmine - security update
DSA-4574-1redmine - security update
DSA-4191-2redmine - regression update
DSA-4191-1redmine - security update
DSA-3529-1redmine - security update
DLA-351-1redmine - security update
DSA-2261-1redmine - several

Search for package or bug name: Reporting problems