[SECURITY] [DLA 2658-1] redmine security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2658-1] redmine security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 13 May 2021 10:43:51 +0200 (CEST)
Message-id: <[🔎] 20210513084351.A7E4F2A3D14@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2658-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
May 13, 2021                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : redmine
Version        : 3.3.1-4+deb9u4
CVE ID         : CVE-2019-25026 CVE-2020-36306 CVE-2020-36307 CVE-2020-36308
                 CVE-2021-30163 CVE-2021-30164 CVE-2021-31863 CVE-2021-31864
                 CVE-2021-31865 CVE-2021-31866

Several issues were found in Redmine, a project management web application,
which could lead to cross-site scripting, information disclosure, and reading
arbitrary files from the server.

For Debian 9 stretch, these problems have been fixed in version
3.3.1-4+deb9u4.

We recommend that you upgrade your redmine packages.

For the detailed security status of redmine please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redmine

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmCc5sEACgkQnUbEiOQ2
gwI/vw/7B+ZkGdd6ZMhG7tqrG/i4US7eSH+jnr0RT6ccXNMB6Q4N0vg1efoV+LZZ
bxT4vLZxbeGLveIfGr/xhTaWI/EI9l7a7goYrpQZ8HAD/hfoSbKDUdCAa19UTnKm
xUqrVM7IY9pvcnlsjNB8Pc0lY5EUxoNLaX7NovdDPwDipY+D2svZhi4MBOxQIbnl
xl64GThUW3KevIaGPlCm5/dACtLvnmsa+TdHQn+cTeuYpMsM+EmeR4gJdrqGv5XH
+KhniNNAzRWNGNECM6n3kVHzWmYK9PnRBGfNHGjDt6cqyttDYtG4cAaJV5AwIySt
0BddhVXHjll0EQx78VdoxwRjIUCj59jcET2TcMZBT1B+beZG5jn/b3e1VLUVneXz
g6KBEsZZfWWgvm9HpzAb2BT+TCCXp3qaJOVjTT4TqNEmuZ0XeNuUmLPcFlpfl/h7
y6Vj6GoXVWpGLxtrznpDKOs8GcvlVSWg07MfTiXfCe93pXvEj/neCJKDGVRJuuki
tzL3f1zNbbW9l61Nh2nYdinorXPlc7puheQjab6Da/NvayesQwi4YODDBKBpzY3r
UkRoBdqwnR+Bag79/eEtrJc6tmUtmbMHK1bl4NnO+QLIHMX2DKnUq5KOhdGjeR96
wBank5WW8lpdXtAJKqxwX8MIleqY5aFKiZtbtGLhW2KCT/L4cTE=
=92fg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2657-1] lz4 security update
Next by Date: [SECURITY] [DLA 2659-1] graphviz security update
Previous by thread: [SECURITY] [DLA 2657-1] lz4 security update
Next by thread: [SECURITY] [DLA 2659-1] graphviz security update
Index(es):
- Date
- Thread