Summary: | <www-apps/redmine-4.0.4: persistent XSS vulnerability in the Redmine Textile formatter | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jonas Stein <jstein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | azamat.hackimov, jstein, proxy-maint |
Priority: | Normal | Keywords: | PullRequest, SECURITY |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=677986 https://github.com/gentoo/gentoo/pull/12807 |
||
Whiteboard: | ~4 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Jonas Stein
2019-08-26 16:07:17 UTC
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3d1200385e2bab7d8b2c4adc469819519f4470f commit c3d1200385e2bab7d8b2c4adc469819519f4470f Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2019-08-28 18:16:25 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2019-12-08 08:41:06 +0000 www-apps/redmine: remove vulnerable versions Closes: https://bugs.gentoo.org/692890 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Package-Manager: Portage-2.3.69, Repoman-2.3.16 Closes: https://github.com/gentoo/gentoo/pull/12807 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-apps/redmine/Manifest | 2 - .../files/redmine-3.3.7_gemfile_versions.patch | 44 ---- .../files/redmine-3.4.5_gemfile_versions.patch | 41 ---- www-apps/redmine/redmine-3.3.7.ebuild | 224 --------------------- www-apps/redmine/redmine-3.4.5.ebuild | 224 --------------------- 5 files changed, 535 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e163dc22eecc5f00721fa11ee1645b0079031301 commit e163dc22eecc5f00721fa11ee1645b0079031301 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2019-08-28 17:53:46 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2019-12-08 08:41:05 +0000 www-apps/redmine: update to 4.0.5 Implementing GLEP81, fixes #677986 and #692890. Fixes strict dependencies and adds additional fcgi gem (#657156), fixes error with /var/log/redmine permission changes. Clear Gemfile.lock in config phase to clean up and update dependencies (#660252). Closes: https://bugs.gentoo.org/677986 Closes: https://bugs.gentoo.org/692890 Closes: https://bugs.gentoo.org/657156 Closes: https://bugs.gentoo.org/660252 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-apps/redmine/Manifest | 1 + .../files/redmine-4.0.5_gemfile_versions.patch | 76 +++++++ www-apps/redmine/redmine-4.0.5.ebuild | 224 +++++++++++++++++++++ 3 files changed, 301 insertions(+) |