Your message dated Sat, 25 May 2024 19:32:09 +0000
with message-id <e1sax7h-00ehjm...@fasolo.debian.org>
and subject line Bug#1055474: fixed in redmine 5.0.4-5+deb12u1
has caused the Debian Bug report #1055474,
regarding redmine: CVE-2023-47258 CVE-2023-47259 CVE-2023-47260
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: redmine
Version: 5.0.4-7
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for redmine.

CVE-2023-47258[0]:
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a
| Markdown formatter.


CVE-2023-47259[1]:
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the
| Textile formatter.


CVE-2023-47260[2]:
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via
| thumbnails.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47258
    https://www.cve.org/CVERecord?id=CVE-2023-47258
[1] https://security-tracker.debian.org/tracker/CVE-2023-47259
    https://www.cve.org/CVERecord?id=CVE-2023-47259
[2] https://security-tracker.debian.org/tracker/CVE-2023-47260
    https://www.cve.org/CVERecord?id=CVE-2023-47260

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: redmine
Source-Version: 5.0.4-5+deb12u1
Done: Moritz Mühlenhoff <j...@debian.org>

We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated redmine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 May 2024 19:53:22 +0200
Source: redmine
Architecture: source
Version: 5.0.4-5+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Closes: 1055474
Changes:
 redmine (5.0.4-5+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2023-47258 / CVE-2023-47259 / CVE-2023-47260 (Closes: #1055474)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
