Your message dated Thu, 24 Mar 2016 23:18:16 +0000
with message-id <e1ajew8-000214...@franck.debian.org>
and subject line Bug#807272: fixed in redmine 3.0~20140825-8~deb8u2
has caused the Debian Bug report #807272,
regarding redmine: CVE-2015-8474: open redirect vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
807272: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807272
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: redmine
Version: 3.0~20140825-5
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for redmine.
CVE-2015-8474[0]:
Open Redirect vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8474
[1] https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: redmine
Source-Version: 3.0~20140825-8~deb8u2
We believe that the bug you reported is fixed in the latest version of
redmine, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 807...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated redmine package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 19 Mar 2016 20:31:15 -0300
Source: redmine
Binary: redmine redmine-mysql redmine-pgsql redmine-sqlite
Architecture: source all
Version: 3.0~20140825-8~deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Jérémy Lal <kapo...@melix.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Description:
redmine - flexible project management web application
redmine-mysql - metapackage providing MySQL dependencies for Redmine
redmine-pgsql - metapackage providing PostgreSQL dependencies for Redmine
redmine-sqlite - metapackage providing sqlite dependencies for Redmine
Closes: 806376 807272 807345 807826
Changes:
redmine (3.0~20140825-8~deb8u2) jessie-security; urgency=high
.
* Security update. Includes fixes for the following vulnerabilities:
- CVE-2015-8346: Data disclosure on the time logging form
(Closes: #806376)
- CVE-2015-8474: open redirect vulnerability
(Closes: #807272)
- CVE-2015-8473: Issues API may disclose changeset messages that are not
visible
(Closes: #807345)
- CVE-2015-8537: Data disclosure in atom feed
(Closes: #807826)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---