Debian Security Advisory
DLA-351-1 redmine -- LTS security update
- Date Reported:
- 26 Nov 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-8346.
- More information:
It was discovered that there was a data disclosure vulnerability in Redmine, a web-based bug and project management tool.
The time logging form could disclose subjects of issues that are not visible/public. Patch by Holger Just.
For Debian 6 Squeeze, this issue has been fixed in redmine version 1.0.1-2+deb6u11.