[SECURITY] [DLA 2787-1] redmine security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2787-1] redmine security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 18 Oct 2021 18:27:11 +0200
Message-id: <[🔎] 20211018162711.GA10152@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2787-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
October 18, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : redmine
Version        : 3.3.1-4+deb9u5
CVE ID         : CVE-2021-42326

Redmine, a project management web application, may disclose the names
of users on activity views due to an insufficient access filter.  An
attacker may infer information of users working on private projects.

For Debian 9 stretch, this problem has been fixed in version
3.3.1-4+deb9u5.

We recommend that you upgrade your redmine packages.

For the detailed security status of redmine please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redmine

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmFtmj8ACgkQDTl9HeUl
XjAwaxAAo7s9h0/sJfN3eXIPYp9juxbhtavxwF/9YgU4wd+nCJVodIAwA1ubo7fy
8y7izjJ0QBv++vyhhP92TkZPsRM4U3Lwpy4KITOlYknhdxVrn8xqU9AhRwY8xCI6
BPejiZNPP7P1h98ehncdV2ZQ/ppZNyqXev2GOeFMmlRu4B1VXWJy1aa8H2oD/zoe
a2Z2wq++KVQy6lbu6CCi/0UfIgWfW3HGBKW0N9AZi6uDfMdW7/0gNthOJR3UNg8k
4DjU98xxFGFwRAlY2ekH2uXSJ9XfrOxwWXOPExlEb36ASSYF94BeKv8WjvT/216h
I6HIRGfsvvegMHw57zROP5Ic18+RHUbWow1J1H18fEKMZJ0BVpTPgKdAG7ml6sLn
k26BzCL5TIdJ2DrlcZ8YzFhChPMppntCSpzPhv+XKo1RoPxFsFHIlpL7TSGv93qN
Cu+COI1g8fNJuxiswauE0+QCQUTfBdhBZo34p+oo3UgPLv1mSSNSFn2aWoyM+w3L
sJl7a0J12GQEyUcj/h38hN/xYUTxQpEkxOFx8CEJagV1Cq7WgbKZGkagZ7398vkP
H9tph9MwUp3usJIiNCyHqBNklrlfgiiqNW5ZsybZtj8ES3XFd15+Bd8paEKW3F/2
GuySqkxPx71i6Ov7V28EtWZzZntv5zbD6Obf0D1uyMpI3K/OF/I=
=HYZ4
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2743-2] amd64-microcode update
Next by Date: [SECURITY] [DLA 2788-1] strongswan security update
Previous by thread: [SECURITY] [DLA 2743-2] amd64-microcode update
Next by thread: [SECURITY] [DLA 2788-1] strongswan security update
Index(es):
- Date
- Thread