Accepted redmine 3.3.1-4+deb9u4 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 13 May 2021 09:45:25 +0200
Source: redmine
Architecture: source
Version: 3.3.1-4+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Changes:
redmine (3.3.1-4+deb9u4) stretch-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* CVE-2019-25026: improper markup sanitization in Textile formatting.
* CVE-2020-36306: XSS in back_url field.
* CVE-2020-36307: XSS in textile inline links.
* CVE-2020-36308: private issue subject leak via time entries export.
* CVE-2021-30163: potential disclosure of names of private projects.
* CVE-2021-30164: add_issue_notes permission bypass through issues API.
* CVE-2021-31863: arbitrary file read through git integration.
* CVE-2021-31864: add_issue_notes permission bypass through mail handler.
* CVE-2021-31865: allowed filename extension bypass.
* CVE-2021-31866: timing attack on SysController and MailHandlerController.
* Run the testsuite during the build.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----