[DRE-maint] [Bug 959187]
Jamie Strandboge
jamie at ubuntu.com
Sun Mar 25 15:27:56 UTC 2012
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Changed in: redmine (Ubuntu)
Status: New => Confirmed
** Also affects: redmine (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: redmine (Ubuntu Precise)
Importance: Undecided
Status: Confirmed
** Changed in: redmine (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: redmine (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/959187
Title:
Mass assignment security vulnerability in Redmine
Status in “redmine” package in Ubuntu:
Fix Released
Status in “redmine” source package in Lucid:
Confirmed
Status in “redmine” source package in Precise:
Fix Released
Bug description:
Redmine has many mass assignment security vulnerabilities. See
http://www.redmine.org/issues/10390 for details.
Version 0.9.3-1 (Lucid Lynx) seems to be affected. Upstream reported
version 1.3.0 (Precise Pangolin) and 1.3.1 as vulnerable.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redmine/+bug/959187/+subscriptions
More information about the Pkg-ruby-extras-maintainers
mailing list