diff options
author | Bernhard Froehlich <decke@FreeBSD.org> | 2010-12-23 14:12:21 +0000 |
---|---|---|
committer | Bernhard Froehlich <decke@FreeBSD.org> | 2010-12-23 14:12:21 +0000 |
commit | 1500219074e349b5b8936565117f7d3647870e40 (patch) | |
tree | 78e7c2b898dd281918c5fef6b32e905d19687eb7 /security/vuxml/vuln.xml | |
parent | 0b19b3f6e8150485919c76b204cda63b67099cce (diff) | |
download | ports-1500219074e349b5b8936565117f7d3647870e40.tar.gz ports-1500219074e349b5b8936565117f7d3647870e40.zip |
- Document redmine -- multiple vulnerabilities
Notes
Notes:
svn path=/head/; revision=266789
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 83afa8e5b4e2..1aa3a5e22580 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="584c506d-0e98-11e0-b59b-0050569b2d21"> + <topic>redmine -- multiple vulnerabilities</topic> + <affects> + <package> + <name>redmine</name> + <range><lt>1.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jean-Philippe Lang reports:</p> + <blockquote cite="http://www.redmine.org/news/49"> + <p>This release also fixes 3 security issues reported by joernchen of Phenoelit:</p> + <ul> + <li>logged in users may be able to access private data + (affected versions: 1.0.x)</li> + <li>persistent XSS vulnerability in textile formatter + (affected versions: all previous releases)</li> + <li>remote command execution in bazaar repository adapter + (affected versions: 0.9.x, 1.0.x)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>http://www.redmine.org/news/49</url> + </references> + <dates> + <discovery>2010-12-23</discovery> + <entry>2010-12-23</entry> + </dates> + </vuln> + <vuln vid="4bd33bc5-0cd6-11e0-bfa4-001676740879"> <topic>tor -- remote crash and potential remote code execution</topic> <affects> |