[SECURITY] [DLA 2658-1] redmine security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2658-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
May 13, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : redmine
Version : 3.3.1-4+deb9u4
CVE ID : CVE-2019-25026 CVE-2020-36306 CVE-2020-36307 CVE-2020-36308
CVE-2021-30163 CVE-2021-30164 CVE-2021-31863 CVE-2021-31864
CVE-2021-31865 CVE-2021-31866
Several issues were found in Redmine, a project management web application,
which could lead to cross-site scripting, information disclosure, and reading
arbitrary files from the server.
For Debian 9 stretch, these problems have been fixed in version
3.3.1-4+deb9u4.
We recommend that you upgrade your redmine packages.
For the detailed security status of redmine please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redmine
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmCc5sEACgkQnUbEiOQ2
gwI/vw/7B+ZkGdd6ZMhG7tqrG/i4US7eSH+jnr0RT6ccXNMB6Q4N0vg1efoV+LZZ
bxT4vLZxbeGLveIfGr/xhTaWI/EI9l7a7goYrpQZ8HAD/hfoSbKDUdCAa19UTnKm
xUqrVM7IY9pvcnlsjNB8Pc0lY5EUxoNLaX7NovdDPwDipY+D2svZhi4MBOxQIbnl
xl64GThUW3KevIaGPlCm5/dACtLvnmsa+TdHQn+cTeuYpMsM+EmeR4gJdrqGv5XH
+KhniNNAzRWNGNECM6n3kVHzWmYK9PnRBGfNHGjDt6cqyttDYtG4cAaJV5AwIySt
0BddhVXHjll0EQx78VdoxwRjIUCj59jcET2TcMZBT1B+beZG5jn/b3e1VLUVneXz
g6KBEsZZfWWgvm9HpzAb2BT+TCCXp3qaJOVjTT4TqNEmuZ0XeNuUmLPcFlpfl/h7
y6Vj6GoXVWpGLxtrznpDKOs8GcvlVSWg07MfTiXfCe93pXvEj/neCJKDGVRJuuki
tzL3f1zNbbW9l61Nh2nYdinorXPlc7puheQjab6Da/NvayesQwi4YODDBKBpzY3r
UkRoBdqwnR+Bag79/eEtrJc6tmUtmbMHK1bl4NnO+QLIHMX2DKnUq5KOhdGjeR96
wBank5WW8lpdXtAJKqxwX8MIleqY5aFKiZtbtGLhW2KCT/L4cTE=
=92fg
-----END PGP SIGNATURE-----
Reply to: