Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70203 - [redmine] [Security] cross-site scripting (CVE-2021-29274)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Monday, 29 March 2021, 08:27 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 10 May 2021, 20:03 GMT
Opened by Jonas Witschel (diabonas) - Monday, 29 March 2021, 08:27 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 10 May 2021, 20:03 GMT
|
DetailsSummary
======= The package redmine is vulnerable to cross-site scripting via CVE-2021-29274. Guidance ======== Upgrading to the fixed version 4.1.2 or to the currently latest version 4.2.0 fixes the issue. References ========== https://security.archlinux.org/AVG-1743 https://www.redmine.org/issues/33846 https://github.com/redmine/redmine/commit/35f5165c2dfc0364514541d38840e12024e2bc91 |
This task depends upon
Closed by Sergej Pupykin (sergej)
Monday, 10 May 2021, 20:03 GMT
Reason for closing: Fixed
Additional comments about closing: updated to 4.2.1
Monday, 10 May 2021, 20:03 GMT
Reason for closing: Fixed
Additional comments about closing: updated to 4.2.1