From ${URL} : Please assign a CVE identifier for cross-site scripting vulnerability fixed in Redmine versions 3.0.0 and 2.6.2 (2015-02-19). https://www.redmine.org/issues/19117 http://www.redmine.org/projects/redmine/wiki/Security_Advisories @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Version 2.6.9 added.
Vulnerable version removed. Closing as NOGLSA.