From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-4574-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 19, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : redmine
CVE ID : CVE-2019-17427 CVE-2019-18890

Hoger Just discovered an SQL injection in Redmine, a project management
web application. In addition a cross-site scripting issue was found in
Textile formatting.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.3.1-4+deb9u3.

We recommend that you upgrade your redmine packages.

For the detailed security status of redmine please refer to
its security tracker page at: https://security-tracker.debian.org/tracker/redmine

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3UPCQACgkQEMKTtsN8 TjZ77w//e2PlXzfRWNeBvzsxuDQgxe5T/r2DPfWV0HL1Pns8+zq/PRfKIMILEUEx Nru32E25B7ulc732WZn6/AzEwZ4TBzUZcVfbOBl9OAWZakH+8p9PDByVLKlyfxpY FqxLbNBzIv1gHYIEBkoRtj1IF7xkiQKCuCqOkE5/Zt9q8b5bb4z+XoFLwIhpeFqi rA7Ae6tUjs0YxcahL2IbcwvqRGmwesdecBDJ5TFL41+noTkTsr7KfRjTfw+lSHr+ 0Zd3+EdxIF1/A2XalozQsp1Z6XIWo4p7BBv55tMQy0OENEZ2/DRrPykOY5hcqMLq LKMksamYIYqDHhw9Zsedwq+ao0dV8yxYS8Pu+527qEs/Ie0A+zcLXgUCdy+i/SJ8 o3JaEtMyL9VlgT8wx7kq5A6ext91SLuBEJ9WcFOoJTi2AqLYqZm2n3pMb2YKFh1q W2arhxuZwlu2ymbQDxy/RrFdVBLq7EyrKFf6nZqJAbRNBvq+kCeozbrYBcrTYl9B IBTLGngcZj058JXbHFAoLc/vR1LquTNClousSqIeEpqcSBC6oENLwTus1b4OeDLJ WJ64MCj9Bd/YEJTcJ8EDzWCvukn9UdSc7t2uYIW996uwe30nCp8Ewk9JdkUkCtUD gb2TG6/IxfVLaO3sptmbbkPE+NmlplNoySQHD2YYSH3EOOT9xUY=
=S7b3
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)