From ${URL} : please assign a CVE ID for an information disclosure issue in the latest Redmine releases (2.6.8, 3.0.6 and 3.1.2) [1]. The issue is listed at [2] and a commit can be found at [3]. A private bug report appears to exist at [4] Cheers Matthias [1] <http://www.redmine.org/news/102> [2] <http://www.redmine.org/projects/redmine/wiki/Security_Advisories> [3] <https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c> [4] <https://www.redmine.org/issues/21150> @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Version 2.6.9 added.
Vulnerable version removed. Closing as NOGLSA.