CVE-2021-37156: Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. Please bump.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e3cd037131f18b31af0ac8b32aa59816d35b27c

commit 9e3cd037131f18b31af0ac8b32aa59816d35b27c
Author: Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2021-09-28 10:59:51 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-09-28 20:51:43 +0000

    www-apps/redmine: remove old vulnerable version

    Bug: https://bugs.gentoo.org/786561
    Bug: https://bugs.gentoo.org/806842
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/22429
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/redmine/Manifest | 1 -
 www-apps/redmine/redmine-4.1.2.ebuild | 231 ----------------------------------
 2 files changed, 232 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fed382ffbf51b0e4b17b43e13f75b3c9a58628b2

commit fed382ffbf51b0e4b17b43e13f75b3c9a58628b2
Author: Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2021-09-28 10:57:25 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-09-28 20:51:42 +0000

    www-apps/redmine: new version in 4.2 branch

    Fixes CVE-2021-37156

    Bug: https://bugs.gentoo.org/806842
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/redmine/Manifest | 1 +
 www-apps/redmine/metadata.xml | 1 +
 www-apps/redmine/redmine-4.2.2.ebuild | 240 ++++++++++++++++++++++++++++++++++
 3 files changed, 242 insertions(+)
Thank you!