Debian Security Advisory

DLA-351-1 redmine -- LTS security update

Date Reported:
26 Nov 2015
Affected Packages:
redmine
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-8346.
More information:

It was discovered that there was a data disclosure vulnerability in Redmine, a web-based bug and project management tool.

The time logging form could disclose subjects of issues that are not visible/public. Patch by Holger Just.

For Debian 6 Squeeze, this issue has been fixed in redmine version 1.0.1-2+deb6u11.