-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 19 Mar 2016 20:31:15 -0300 Source: redmine Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite Architecture: source all Version: 3.0~20140825-8~deb8u2 Distribution: jessie-security Urgency: high Maintainer: Jérémy Lal <kapouer@melix.org> Changed-By: Antonio Terceiro <terceiro@debian.org> Description: redmine - flexible project management web application redmine-mysql - metapackage providing MySQL dependencies for Redmine redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine redmine-sqlite - metapackage providing sqlite dependencies for Redmine Closes: 806376 807272 807345 807826 Changes: redmine (3.0~20140825-8~deb8u2) jessie-security; urgency=high . * Security update. Includes fixes for the following vulnerabilities: - CVE-2015-8346: Data disclosure on the time logging form (Closes: #806376) - CVE-02015-8474: open redirect vulnerability (Closes: #807272) - CVE-2015-8473: Issues API may disclose changeset messages that are not visible (Closes: #807345) - CVE-2015-8537: Data disclosure in atom feed (Closes: #807826) Checksums-Sha1: e9d262854135764a2629adf598a6bdbd355ae4f9 2294 redmine_3.0~20140825-8~deb8u2.dsc 03ad5b379dc0999f03c41fad9545fac037bf4546 2193559 redmine_3.0~20140825.orig.tar.gz 598d17cab03ab1beb81296183c47109024fd5400 243076 redmine_3.0~20140825-8~deb8u2.debian.tar.xz 67f7492cbd476907af89aa7b888c16639e583085 4653870 redmine_3.0~20140825-8~deb8u2_all.deb bc8f6c3295ffd013b056bdc9156b1546ab9e9e90 70740 redmine-mysql_3.0~20140825-8~deb8u2_all.deb 71d531067b9775598780f02dbad2c449ba4c6245 70708 redmine-pgsql_3.0~20140825-8~deb8u2_all.deb e636590af4f6599adc6295b416419c50605c2094 70692 redmine-sqlite_3.0~20140825-8~deb8u2_all.deb Checksums-Sha256: 8bf344cf9333253ec55e59b68f77af0da5e3dc4406e314b562861ba4f585c3ea 2294 redmine_3.0~20140825-8~deb8u2.dsc 97accde569350973ff9ba1c1ca5118726dd4fb7f1d47526f902c66d0dc88bc68 2193559 redmine_3.0~20140825.orig.tar.gz 8b461d493aa9fb4aa8f0e63b35165b4fe18188f885fc75d1ba133739bd78a340 243076 redmine_3.0~20140825-8~deb8u2.debian.tar.xz edcce602747d1e9240fcdba65e5040981d90ac49d2f9030cef28c37d2c1295a7 4653870 redmine_3.0~20140825-8~deb8u2_all.deb 70461c0d62acd0198b5441bbfea261fedf564e8762cd8645493e14d6cc27a0c2 70740 redmine-mysql_3.0~20140825-8~deb8u2_all.deb c0a4d7ade48c6608c7fbbd614c6072816c88577d5155f5270250304251895397 70708 redmine-pgsql_3.0~20140825-8~deb8u2_all.deb 7fa4aae57ba37f94526a47a157b3582d69e9236c29543dd10d89e4bec316c552 70692 redmine-sqlite_3.0~20140825-8~deb8u2_all.deb Files: 4867f7033ee33c5359ab34e06b589ac1 2294 web extra redmine_3.0~20140825-8~deb8u2.dsc d40022d37b8b13b3aa4059efd96e33af 2193559 web extra redmine_3.0~20140825.orig.tar.gz fb95747357eaf9d75f89828d6d4d855f 243076 web extra redmine_3.0~20140825-8~deb8u2.debian.tar.xz cc207649fcc55b8f3469ab8297e3883f 4653870 web extra redmine_3.0~20140825-8~deb8u2_all.deb b595c751ea76bce43782d669c649f787 70740 web extra redmine-mysql_3.0~20140825-8~deb8u2_all.deb dd22331b1b13cae0820fbd7da808967a 70708 web extra redmine-pgsql_3.0~20140825-8~deb8u2_all.deb 0d12d1473c648668c664214503a48f71 70692 web extra redmine-sqlite_3.0~20140825-8~deb8u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW7zs5AAoJEPwNsbvNRgve0c0QAIKYMP8AU5dcBY6RTEKZewLp C92XHE6vj0zBp+SGoJm4x0wc4nQRsuwdcVdtSGXbSsU7cwvuH0ftgZq2YlX9uE2h 7qv20jA5SZKL9vzYvPo0rhHb4QyPOepBUDCqXdRT6Ik6J4bOcQF3D0dDVXHCwUmU bOvHlOxn0UJibpn9ynb7BS4ZDLUrgzxhOSDWuVr2Lfea1v7XiMGi43n7nXYpmF/0 lwa505gHYs09FTjk2XC396jyL18djDq+/mySZv8/YYbeaYMFK9WSfxAYtwbIqGqZ jcK3V2tCSDSle+WYUKoMw4U0IzkH/bariyYeaTd03WVKPAHqQTwUABvmrhKVLYTi G93PAF7T3k3lC6clFsaYuRsn4bjYzsUDLhpGQJCHvysTiacqN1PS+dJpWj1I1W+f N4s8p36hK+XnE1ddXVNzu4n45JEWZG1pihg2OThaOnS4QyGPZsitHw+WkDhlyjRo Cv6Hcc218p9Y1Lp9cL9TugrGB3tZ2JlKHs4NIRpSOiP4O04ir7flLFlIg95T/Zho MEIRFcc85mwzS/VznX4dog5EgHtfR6+KsA5U+Wd3FmYAbPur+GfjrrctFCyciqFt GxudeoXkEfnLAkcbx451EMdnYug4JPX87gnFJJBrS1YPTt80vlvxnB2HmGVP0CyE hduAi4luiuXIjJYKSLP9 =mAhI -----END PGP SIGNATURE-----