Accepted redmine 3.3.1-4+deb9u3 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

2019-11-24 Thread Lucas Kanashiro 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Nov 2019 18:46:42 -0300
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source all
Version: 3.3.1-4+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Antonio Terceiro 
Changed-By: Lucas Kanashiro 
Description:
 redmine- flexible project management web application
 redmine-mysql - metapackage providing MySQL dependencies for Redmine
 redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
 redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Changes:
 redmine (3.3.1-4+deb9u3) stretch-security; urgency=high
 .
   * Fix CVE-2019-17427: persistent XSS exists due to textile formatting
 errors.
   * Fix CVE-2019-18890: SQL injection vulnerability
Checksums-Sha1:
 66f38263cfa69c6e25c192150589a51a0f0643d5 2838 redmine_3.3.1-4+deb9u3.dsc
 2845e0111a25f0275514ec2a966e23657b9aa35f 2350320 redmine_3.3.1.orig.tar.gz
 7ce70d55714f2167e085f59e617fd861dea5af37 249540 
redmine_3.3.1-4+deb9u3.debian.tar.xz
 160c655e3e973fc34d627cec7cfd0db404a99257 87760 
redmine-mysql_3.3.1-4+deb9u3_all.deb
 d8504b7698466cc48ea54ad6f3112c9ec474314a 87734 
redmine-pgsql_3.3.1-4+deb9u3_all.deb
 06332aefd98a0cee1795c0764c48c1f61c8e1469 87708 
redmine-sqlite_3.3.1-4+deb9u3_all.deb
 c0a9bb4be5a42e42dc9c858ed022253123ca371f 1222852 redmine_3.3.1-4+deb9u3_all.deb
 c9c5fa727585161c172ea22a1144fd334ec8cb9f 10478 
redmine_3.3.1-4+deb9u3_amd64.buildinfo
Checksums-Sha256:
 49b8db906dea33bf45c17dada5e58474dd72794f553f0e6f01621728350c0b7f 2838 
redmine_3.3.1-4+deb9u3.dsc
 89c5a3ee1d1a3a956795fe253e4dc0c5de886f5495ddb2a0f8b6634a104c07c8 2350320 
redmine_3.3.1.orig.tar.gz
 fa4267410ff86f244d82bc5afdf7a20bcb506875c6b89bae8d35a8e587c577e9 249540 
redmine_3.3.1-4+deb9u3.debian.tar.xz
 bd1529843eb258ab186121132477ba7ad25ee65e47100994b1130c1b33fe0155 87760 
redmine-mysql_3.3.1-4+deb9u3_all.deb
 958acdcb969b659b7029b2c709c9aa8c13a67fbd667afb8007ad055b2d31ea57 87734 
redmine-pgsql_3.3.1-4+deb9u3_all.deb
 e6b9f05139a0f24a23b8943ecd6bc8c72701295afbec3b243623094c294de068 87708 
redmine-sqlite_3.3.1-4+deb9u3_all.deb
 58d5e514e9bee84d219ba4a4943a18fb71a693fb36ba0c0ee1f138e13d17eb21 1222852 
redmine_3.3.1-4+deb9u3_all.deb
 c3757611a961eb247e36477f0f0a193888a3ce4875e8e9b9c94bf594ea181db0 10478 
redmine_3.3.1-4+deb9u3_amd64.buildinfo
Files:
 cfd3980c00e8786286840f7089723858 2838 web extra redmine_3.3.1-4+deb9u3.dsc
 bfa69f3bb3d1792d7a503e0d0c940349 2350320 web extra redmine_3.3.1.orig.tar.gz
 40daaa2099c88c25b79dc58724d9e155 249540 web extra 
redmine_3.3.1-4+deb9u3.debian.tar.xz
 6cf7ee16e62939b7bbf28aabcd4e6235 87760 web extra 
redmine-mysql_3.3.1-4+deb9u3_all.deb
 6db88dff5678032ea7cf90430e8868e2 87734 web extra 
redmine-pgsql_3.3.1-4+deb9u3_all.deb
 1c462409ed0540517ebdda9766e6a4b2 87708 web extra 
redmine-sqlite_3.3.1-4+deb9u3_all.deb
 34ad5b240399bb5de0d66b502a413b8a 1222852 web extra 
redmine_3.3.1-4+deb9u3_all.deb
 fb586a08d7763deb6bf083136838169b 10478 web extra 
redmine_3.3.1-4+deb9u3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJSBAEBCAA8FiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAl3TEyMeHGx1Y2FzLmth
bmFzaGlyb0BjYW5vbmljYWwuY29tAAoJEPgjonKYg8l8PDwP/0y2+QCMzlv0Ymte
OUvlmhpUW07ug2+fuR3t9+N9x/dtXRfqn+Zzqa61uFYJL967ZWUrjSiwh8NQR4O+
rKjoKd+oTu76VChAaecz/QWKbrDx1pgASuE+rbJpS+DT/zf2zpaPDSdi0zWQ4lWu
cfZAESB3lvpRTcwN6WvDOw386v6cDKAbd3KfjOm9B6uHLuRKOMTna0Fl/8mUk2ld
4M/mkD7QA+RVKhR/D1I4YpQIZmexRH0qm8BqNnYHYwRXb9A7mdX0/uZGb6GdSyHv
MBjPle3DHt1tZZMI8a/WxN4/RXtR3nxNTSWjIWBLAI+461z41dbRX2VW2/eyuO55
6CCAUDKZ+vm/VZBD777JUAOvsQZh9EDv9F30T/RRQvQDX2E4isb4wjht/2HrC+fO
SuQ0XKHZZDb15te+VUWbThB7aU2wUv6JKdw3HFMh1aPLaF9eTo/kJ6f+JVAmG0kp
tDRi8jmMwBqc5O0iL5I0S8elVIvW7CBfgnFqmD8+de+NArnKlaD2Fd82O65PNrZw
Wq1TKzLrHuOJTorC/3wyylGkabMd/CAehiKPLvm7nEul+Kv79pLk35v6MkV6+Uun
p+5Dtfu2AFg1isLPuC2srUs9VEGKFmqwENaImyt07wwh6ZlmkuGUybCawwVeBp/V
S7arhqBRS7R8JZsb8ZHoUVnqa5Ue
=yBuG
-END PGP SIGNATURE-

Accepted redmine 3.3.1-4+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates

2018-05-07 Thread Lucas Kanashiro 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 12 Apr 2018 11:33:06 -0300
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source all
Version: 3.3.1-4+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Antonio Terceiro 
Changed-By: Lucas Kanashiro 
Description:
 redmine- flexible project management web application
 redmine-mysql - metapackage providing MySQL dependencies for Redmine
 redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
 redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Changes:
 redmine (3.3.1-4+deb9u1) stretch-security; urgency=high
 .
   * Fix CVE-2017-15568: XSS exists in app/helpers/application_helper.rb via a
 multi-value field with a crafted value that is mishandled during rendering
 of issue history.
   * Fix CVE-2017-15569: XSS exists in app/helpers/queries_helper.rb via a
 multi-value field with a crafted value that is mishandled during rendering
 of an issue list.
   * Fix CVE-2017-15570: XSS exists in app/views/timelog/_list.html.erb via
 crafted column data.
   * Fix CVE-2017-15571: XSS exists in app/views/issues/_list.html.erb via
 crafted column data.
   * Fix CVE-2017-15572: remote attackers can obtain sensitive information
 (password reset tokens) by reading a Referer log, because
 account/lost_password does not use a redirect.
   * Fix CVE-2017-15573: XSS exists because markup is mishandled in wiki
 content.
   * Fix CVE-2017-15574: stored XSS is possible by using an SVG document as an
 attachment.
   * Fix CVE-2017-15575: Redmine.pm lacks a check for whether the Repository
 module is enabled in a project's settings, which might allow remote
 attackers to obtain sensitive differences information or possibly have
 unspecified other impact.
   * Fix CVE-2017-15576: mishandle Time Entry rendering in activity views,
 which allows remote attackers to obtain sensitive information.
   * Fix CVE-2017-15577: mishandle the rendering of wiki links, which allows
 remote attackers to obtain sensitive information.
   * Fix CVE-2017-16804: the reminders function in app/models/mailer.rb does
 not check whether an issue is visible, which allows remote authenticated
 users to obtain sensitive information by reading e-mail reminder messages.
   * Fix CVE-2017-18026: do not block the --config and --debugger flags to
 the Mercurial hg program, which allows remote attackers to execute
 arbitrary commands (through the Mercurial adapter) via vectors involving a
 branch whose name begins with a --config= or --debugger= substring.
Checksums-Sha1:
 da546ce2f61e872c61e5c27414e1db568e993384 2826 redmine_3.3.1-4+deb9u1.dsc
 2845e0111a25f0275514ec2a966e23657b9aa35f 2350320 redmine_3.3.1.orig.tar.gz
 6da322855d80ff17ebf478ec4050d2b4405e96f6 248680 
redmine_3.3.1-4+deb9u1.debian.tar.xz
 0719eae3325995a20aade0c5e034e1ebf651ccd5 87482 
redmine-mysql_3.3.1-4+deb9u1_all.deb
 bbd07e3dc53a4756e9f0e39ba0a490d3bb32983d 87450 
redmine-pgsql_3.3.1-4+deb9u1_all.deb
 2e55b721563c23e8714f326db398d71981c213da 87426 
redmine-sqlite_3.3.1-4+deb9u1_all.deb
 44f3a0bf0a287157a9415407cc54b6af3e3a344c 1222442 redmine_3.3.1-4+deb9u1_all.deb
 568a266f4388bb7fdd9bd6027dd1ee601e2cd8a1 9839 
redmine_3.3.1-4+deb9u1_amd64.buildinfo
Checksums-Sha256:
 6109e279da5c0f64ef97fa8ef3dec5e05ef2d84897ddc99484c0d519b7ef5e5c 2826 
redmine_3.3.1-4+deb9u1.dsc
 89c5a3ee1d1a3a956795fe253e4dc0c5de886f5495ddb2a0f8b6634a104c07c8 2350320 
redmine_3.3.1.orig.tar.gz
 241ff487e2255f4f978593cda8ea4dbfd2f53641c225575efdff81672a797026 248680 
redmine_3.3.1-4+deb9u1.debian.tar.xz
 2ee6117bc415bb508ec93b2aec20a57ee3a0a3e9e71305db7c68f0f15d9f2b91 87482 
redmine-mysql_3.3.1-4+deb9u1_all.deb
 8719e15c5bbfa16786193a24c30a42e552a0af58b01c42657bca104161a15372 87450 
redmine-pgsql_3.3.1-4+deb9u1_all.deb
 9b0398372409457c63b4279d5e63d010a86fb57813830ec5b3a58868a3662d3b 87426 
redmine-sqlite_3.3.1-4+deb9u1_all.deb
 81324e194a4ae438d25baf8158bb2340980ef485e9fd1f86ae0d710c419fd3f4 1222442 
redmine_3.3.1-4+deb9u1_all.deb
 c9eff628e574e4adda202967e1bc05ee1f1f76474472f0fac630d6b09c8ad28c 9839 
redmine_3.3.1-4+deb9u1_amd64.buildinfo
Files:
 6b554521ce057f389805cfe0adf0194c 2826 web extra redmine_3.3.1-4+deb9u1.dsc
 bfa69f3bb3d1792d7a503e0d0c940349 2350320 web extra redmine_3.3.1.orig.tar.gz
 18c7fcf1f0b1bfb22b80f3851481a7b2 248680 web extra 
redmine_3.3.1-4+deb9u1.debian.tar.xz
 29a7e8aa8af2b858309d49c5e33eebde 87482 web extra 
redmine-mysql_3.3.1-4+deb9u1_all.deb
 b99cc8f0b842e0570c1e361fe06dea62 87450 web extra 
redmine-pgsql_3.3.1-4+deb9u1_all.deb
 99ab89410027c82918d933555801afe6 87426 web extra 
redmine-sqlite_3.3.1-4+deb9u1_all.deb
 c3dd29aed02bde2c798c59bcc53f8340 1222442 web extra 
redmine_3.3.1-4+deb9u1_all.deb
 1728712d9ea568dc47a948a5cdf19adc 9839 web extra 
redmine_3.3.1-4+deb9u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEjtbD+LrJ23/