CVE-2019-25026:
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
CVE-2020-36306:
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
CVE-2020-36307:
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
CVE-2020-36308:
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
CVE-2021-30163:
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
CVE-2021-30164:
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
The package has not entered testing even though the delay is over
normal
The package has not entered testing even though the 20-day delay is over. Check why.
1 new commit since last upload, is it time to release?
normal
vcswatch reports that
this package seems to have new commits in its VCS but has
not yet updated debian/changelog. You should consider updating
the Debian changelog and uploading this new version into the archive.
Here are the relevant commit logs:
commit 95004a92c4c39b6ded8cd30c89179f14f1208d00
Author: Cédric Boutillier <boutil@debian.org>
Date: Tue Sep 1 13:31:32 2020 +0000
[ci skip] Update team name
piuparts found (un)installation error(s)
normal
Piuparts stresses package installation, uninstallation, upgrade, ... While doing such tests, one or more errors were found for the following suites: