Your message dated Tue, 29 Apr 2014 09:22:11 +0000
with message-id <e1wf4et-0002wa...@franck.debian.org>
and subject line Bug#743828: fixed in redmine 2.5.1-1
has caused the Debian Bug report #743828,
regarding redmine: security: CVE-2014-1985: open redirector issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
743828: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743828
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redmine
Severity: serious
Tags: security

Quoting from:

http://www.openwall.com/lists/oss-security/2014/04/06/1

> Redmine versions 2.4.5 and 2.5.1 fixed an open redirector issue.  The
> code verifying the redirection URIs accepted scheme-relative URIs
> which can lead to different hosts:
> 
> http://www.redmine.org/projects/redmine/wiki/Security_Advisories
> http://www.redmine.org/projects/redmine/wiki/Changelog
> https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3.patch

This issue is present in all redmine versions.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

--- End Message ---
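
The advisory quoted in the report above says the redirect check accepted scheme-relative URIs. The following Ruby sketch is an added example, not Redmine's code and not the upstream patch: it puts a prefix-only check next to a stricter same-origin check. The function names and the hosts `redmine.example` and `other.example` are constructed for illustration.

```ruby
require 'uri'

# Prefix-only check (constructed for illustration): anything that starts
# with "/" is treated as a local path. "//other.example/x" passes, yet a
# browser resolves it as scheme-relative, i.e. as a different host.
def naive_local_redirect?(target)
  target.to_s.start_with?('/')
end

# Stricter check: accept only
#   - a path-only reference that starts with exactly one "/", or
#   - an absolute URI whose scheme, host and port match the application's.
# app_origin is the application's own origin, e.g. "https://redmine.example".
def safe_redirect?(target, app_origin)
  return false if target.nil? || target.empty?
  # Refuse backslashes and control characters: parsers and browsers do not
  # normalise them the same way, so the parsed host cannot be trusted.
  return false if target.match?(/[\\\x00-\x1f\x7f]/)

  uri = begin
    URI.parse(target)
  rescue URI::InvalidURIError
    return false
  end

  if uri.scheme.nil? && uri.host.nil?
    # No scheme and no authority: require a rooted path, never "//...".
    return target.start_with?('/') && !target.start_with?('//')
  end

  # A host without a scheme is a scheme-relative URI: reject it here.
  return false unless %w[http https].include?(uri.scheme.to_s.downcase)

  origin = URI.parse(app_origin)
  [uri.scheme.downcase, uri.host.to_s.downcase, uri.port] ==
    [origin.scheme.downcase, origin.host.to_s.downcase, origin.port]
end

# Constructed sample inputs, evaluated against a constructed origin.
def demo_results(app_origin = 'https://redmine.example')
  ['/projects/demo?tab=1', '//other.example/x',
   'https://redmine.example/issues/1', 'https://other.example/issues/1']
    .map { |t| [t, naive_local_redirect?(t), safe_redirect?(t, app_origin)] }
end
```
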
--- Begin Message ---
Source: redmine
Source-Version: 2.5.1-1

We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 743...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated redmine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 29 Apr 2014 09:38:26 +0200
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source all
Version: 2.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jérémy Lal <kapo...@melix.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description: 
 redmine    - flexible project management web application
 redmine-mysql - metapackage providing MySQL dependencies for Redmine
 redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
 redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Closes: 743828
Changes: 
 redmine (2.5.1-1) unstable; urgency=medium
 .
   * Add ruby-i18n (>= 0.6.9-1~) dependency to unbreak upgrades in backports
   * New upstream version 2.5.1 (Closes: #743828)
   * Refresh patches for 2.5.1 release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
