-
redmine (3.4.4-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: persistent XSS exists due to textile formatting
- debian/patches/0020-Fix-CVE-2019-17427.patch: improve the way
that html tags are identified to be escaped. (LP: #1853063)
- CVE-2019-17427
- https://www.cvedetails.com/cve/CVE-2019-17427/
- Redmine Defect #31520
-- Paulo Flabiano Smorigo <email address hidden> Mon, 25 Nov 2019 20:17:10 +0000
-
redmine (3.4.4-1) unstable; urgency=medium
[ Marc Dequènes (Duck) ]
* New upstream release:
+ refreshed patches.
+ fix CVE-2017-15568 (Closes: #882544)
+ fix CVE-2017-15569 (Closes: #882545)
+ fix CVE-2017-15570 (Closes: #882547)
+ fix CVE-2017-15571 (Closes: #882548)
+ fix CVE-2017-18026 (Closes: #887307)
* Add missing dependency on 'libjs-raphael' (Closes: #857952).
* Updated Russian translation of debconf template, thanks Lev Lamberov
(Closes: #883919)
* Updated VCS URLs (Alioth->Salsa).
[ Lucas Kanashiro ]
* Bump debhelper compatibility level to 10
* Declare compliance with Debian Policy 4.1.3
-- Marc Dequènes (Duck) <email address hidden> Mon, 02 Apr 2018 13:52:08 +0900
-
redmine (3.4.2-1) unstable; urgency=medium
[ Antonio Terceiro ]
* New upstream release
* Refresh patches
- drop 0006-Bulk-edit-show-fields-required-after-status-tracker-.patch,
issue fixed upstream
[ Marc Dequènes (Duck) ]
* Thanks Antonio for the hard work. Lucas, the team, and myself are
now taking over.
* Use HTTPS URLs in Debian metadata.
* Priority 'extra' is deprecated, switch to 'optional'.
* Bumped Standards-Version.
* Reload all Passenger instances (Closes: #879104).
* Pass instance list to postrm to ensure removal works when things are
broken (found in #868955).
* Support dbconfig-no-thanks.
* Do not fail if manual database installation is selected (Closes:
#868955).
* Fix executable-not-elf-or-script for 'mail_handler.rb'.
[ Lucas Kanashiro ]
* debian/copyright: fix path of redcloth3.rb file
* Fix typo in Debian README
* debian/rules: override dh_fixperms to change some files permission
* debian/control: remove autopkgtest field, it is not necessary since the
debian/tests/control file exists
-- Marc Dequènes (Duck) <email address hidden> Mon, 20 Nov 2017 20:33:48 +0900
-
redmine (3.3.1-4) unstable; urgency=medium
[ Antonio Terceiro ]
* debian/tests/install-purge-install: let autopkgtest handle the first
installation. This improves the reliability of the test because
autopkgtest handles temporary download failures in APT for us
[ Jonatan Nyberg ]
* Swedish translation update (Closes: #855367)
[ Helge Kreutzmann ]
* German translation update (Closes: #857527)
-- Antonio Terceiro <email address hidden> Tue, 07 Mar 2017 15:54:28 +0100