Format: 1.8
Date: Thu, 13 May 2021 09:45:25 +0200
Source: redmine
Architecture: source
Version: 3.3.1-4+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: Antonio Terceiro <terceiro@debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Changes:
 redmine (3.3.1-4+deb9u4) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2019-25026: improper markup sanitization in Textile formatting.
   * CVE-2020-36306: XSS in back_url field.
   * CVE-2020-36307: XSS in textile inline links.
   * CVE-2020-36308: private issue subject leak via time entries export.
   * CVE-2021-30163: potential disclosure of names of private projects.
   * CVE-2021-30164: add_issue_notes permission bypass through issues API.
   * CVE-2021-31863: arbitrary file read through git integration.
   * CVE-2021-31864: add_issue_notes permission bypass through mail handler.
   * CVE-2021-31865: allowed filename extension bypass.
   * CVE-2021-31866: timing attack on SysController and MailHandlerController.
   * Run the testsuite during the build.