Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70203 - [redmine] [Security] cross-site scripting (CVE-2021-29274)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Monday, 29 March 2021, 08:27 GMT
Opened by Jonas Witschel (diabonas) - Monday, 29 March 2021, 08:27 GMT
|
DetailsSummary
======= The package redmine is vulnerable to cross-site scripting via CVE-2021-29274. Guidance ======== Upgrading to the fixed version 4.1.2 or to the currently latest version 4.2.0 fixes the issue. References ========== https://security.archlinux.org/AVG-1743 https://www.redmine.org/issues/33846 https://github.com/redmine/redmine/commit/35f5165c2dfc0364514541d38840e12024e2bc91 |
This task depends upon