Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 884793 (CVE-2022-39209, CVE-2022-44030, CVE-2022-44031, CVE-2022-44637)

Summary: <www-apps/redmine-{4.2.9, 5.0.4}: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: trivial CC: azamat.hackimov, proxy-maint
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-08 01:37:02 UTC
Several vulnerabilities affecting Gentoo's versions of
redmine, including several XSS vulnerabilities and CVE-2022-44030:

"Redmine 5.x before 5.0.4 allows downloading of file attachments of
any Issue or any Wiki page due to insufficient permission
checks. Depending on the configuration, this may require login as a
registered user."

Please bump to 5.0.4 and 4.2.9.
Comment 1 Larry the Git Cow gentoo-dev 2022-12-24 07:42:46 UTC
The bug has been referenced in the following commit(s):

commit c88e7e9b7e2698e9bfad3df18d43d344a80a603d
Author:     Azamat H. Hackimov <>
AuthorDate: 2022-12-09 13:00:06 +0000
Commit:     Sam James <>
CommitDate: 2022-12-24 07:41:38 +0000

    www-apps/redmine: add 4.2.9, 5.0.4
    Fixes security issue CVE-2022-44030.
    Signed-off-by: Azamat H. Hackimov <>
    Signed-off-by: Sam James <>

 www-apps/redmine/Manifest             |   2 +
 www-apps/redmine/redmine-4.2.9.ebuild | 240 ++++++++++++++++++++++++++++++++
 www-apps/redmine/redmine-5.0.4.ebuild | 254 ++++++++++++++++++++++++++++++++++
 3 files changed, 496 insertions(+)