Your message dated Tue, 29 Apr 2014 09:22:11 +0000
with message-id <e1wf4et-0002wa...@franck.debian.org>
and subject line Bug#743828: fixed in redmine 2.5.1-1
has caused the Debian Bug report #743828,
regarding redmine: security: CVE-2014-1985: open redirector issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
743828: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743828
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redmine
Severity: serious
Tags: security

Quoting from:

http://www.openwall.com/lists/oss-security/2014/04/06/1

> Redmine versions 2.4.5 and 2.5.1 fixed an open redirector issue. The
> code verifying the redirection URIs accepted scheme-relative URIs
> which can lead to different hosts:
>
> http://www.redmine.org/projects/redmine/wiki/Security_Advisories
> http://www.redmine.org/projects/redmine/wiki/Changelog
> https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3.patch

This issue is present in all redmine versions.

--
bye,
pabs

http://wiki.debian.org/PaulWise
--- End Message ---
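The flaw class quoted in the report above, shown as an added example (not Redmine's code and not part of the original messages): a check that treats every scheme-less URI as local accepts scheme-relative URIs, next to a stricter check. The function names, the sample URLs and the host `redmine.example` are assumptions made for illustration.

```ruby
require "uri"

# Weak check (constructed): any URI without a scheme counts as local.
# URI#relative? is also true for "//host/path", which names another host.
def weak_back_url_ok?(back_url, request_host)
  uri = URI.parse(back_url)
  uri.relative? || uri.host == request_host
rescue URI::InvalidURIError
  false
end

# Hardened check (constructed): a scheme-less target must be a single-slash
# absolute path with no authority component; a target with a scheme must be
# http(s) on exactly the request host.
def strict_back_url_ok?(back_url, request_host)
  # Reject control characters, whitespace and backslashes outright.
  return false if back_url.match?(/[\x00-\x20\\]/)
  uri = URI.parse(back_url)
  if uri.scheme.nil?
    uri.host.nil? && back_url.start_with?("/") && !back_url.start_with?("//")
  else
    %w[http https].include?(uri.scheme.downcase) &&
      uri.host.to_s.casecmp?(request_host)
  end
rescue URI::InvalidURIError
  false
end

# Constructed sample inputs; both host names are placeholders.
SAMPLES = [
  "/issues/42",
  "https://redmine.example/projects",
  "//other.example/landing",
  "https://other.example/landing",
].freeze

# Returns [url, weak_result, strict_result] for each sample.
def classify(host = "redmine.example")
  SAMPLES.map { |u| [u, weak_back_url_ok?(u, host), strict_back_url_ok?(u, host)] }
end

if __FILE__ == $PROGRAM_NAME
  classify.each do |u, weak, strict|
    puts format("%-36s weak=%-5s strict=%s", u, weak, strict)
  end
end
```

Only the third sample differs between the two checks: the scheme-relative form passes the weak check and is refused by the strict one.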
--- Begin Message ---
Source: redmine
Source-Version: 2.5.1-1

We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 743...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated redmine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Tue, 29 Apr 2014 09:38:26 +0200
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source all
Version: 2.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jérémy Lal <kapo...@melix.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description:
 redmine - flexible project management web application
 redmine-mysql - metapackage providing MySQL dependencies for Redmine
 redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
 redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Closes: 743828
Changes:
 redmine (2.5.1-1) unstable; urgency=medium
 .
   * Add ruby-i18n (>= 0.6.9-1~) dependency to unbreak upgrades in backports
   * New upstream version 2.5.1 (Closes: #743828)
   * Refresh patches for 2.5.1 release
--- End Message ---