From ${URL} : Hi, please assign a CVE ID for another information disclosure issue fixed in the latest Redmine releases (2.6.8, 3.0.6 and 3.1.2) [1]. The bug report [2] links to the relevant diff [3]. Cheers Matthias [1] <http://www.redmine.org/projects/redmine/wiki/Changelog> [2] <https://www.redmine.org/issues/21136> [3] <http://www.redmine.org/projects/redmine/repository/revisions/14794/diff/trunk/app/views/issues/show.api.rsb?utf8=%E2%9C%93&type=sbs> @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Version 2.6.9 added.
Vulnerable version removed. Closing as NOGLSA.